Move session entity to sessions folder

Signed-off-by: Yannick Bungers <git@innay.de>
2025-05-19 09:45:37 -04:00 · 2023-06-25 21:52:44 +02:00 · 2023-06-25 21:52:44 +02:00 · f362d27d3f
commit f362d27d3f
parent eeef0ea025
23 changed files with 26 additions and 26 deletions
--- a/backend/src/sessions/session.service.spec.ts
+++ b/backend/src/sessions/session.service.spec.ts
@ -0,0 +1,203 @@
+/*
+ * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import * as ConnectTypeormModule from 'connect-typeorm';
+import { TypeormStore } from 'connect-typeorm';
+import * as parseCookieModule from 'cookie';
+import * as cookieSignatureModule from 'cookie-signature';
+import { IncomingMessage } from 'http';
+import { Mock } from 'ts-mockery';
+import { Repository } from 'typeorm';
+
+import { AuthConfig } from '../config/auth.config';
+import { DatabaseType } from '../config/database-type.enum';
+import { DatabaseConfig } from '../config/database.config';
+import { HEDGEDOC_SESSION } from '../utils/session';
+import { Session } from './session.entity';
+import { SessionService, SessionState } from './session.service';
+
+jest.mock('cookie');
+jest.mock('cookie-signature');
+
+describe('SessionService', () => {
+  let mockedTypeormStore: TypeormStore;
+  let mockedSessionRepository: Repository<Session>;
+  let databaseConfigMock: DatabaseConfig;
+  let authConfigMock: AuthConfig;
+  let typeormStoreConstructorMock: jest.SpyInstance;
+  const mockedExistingSessionId = 'mockedExistingSessionId';
+  const mockUsername = 'mock-user';
+  const mockSecret = 'mockSecret';
+  let sessionService: SessionService;
+
+  beforeEach(() => {
+    jest.resetModules();
+    jest.restoreAllMocks();
+    const mockedExistingSession = Mock.of<SessionState>({
+      username: mockUsername,
+    });
+    mockedTypeormStore = Mock.of<TypeormStore>({
+      connect: jest.fn(() => mockedTypeormStore),
+      get: jest.fn(((sessionId, callback) => {
+        if (sessionId === mockedExistingSessionId) {
+          callback(undefined, mockedExistingSession);
+        } else {
+          callback(new Error("Session doesn't exist"), undefined);
+        }
+      }) as TypeormStore['get']),
+    });
+    mockedSessionRepository = Mock.of<Repository<Session>>({});
+    databaseConfigMock = Mock.of<DatabaseConfig>({
+      type: DatabaseType.SQLITE,
+    });
+    authConfigMock = Mock.of<AuthConfig>({
+      session: {
+        secret: mockSecret,
+      },
+    });
+
+    typeormStoreConstructorMock = jest
+      .spyOn(ConnectTypeormModule, 'TypeormStore')
+      .mockReturnValue(mockedTypeormStore);
+
+    sessionService = new SessionService(
+      mockedSessionRepository,
+      databaseConfigMock,
+      authConfigMock,
+    );
+  });
+
+  it('creates a new TypeormStore on create', () => {
+    expect(typeormStoreConstructorMock).toHaveBeenCalledWith({
+      cleanupLimit: 2,
+      limitSubquery: true,
+    });
+    expect(mockedTypeormStore.connect).toHaveBeenCalledWith(
+      mockedSessionRepository,
+    );
+    expect(sessionService.getTypeormStore()).toBe(mockedTypeormStore);
+  });
+
+  it('can fetch a username for an existing session', async () => {
+    await expect(
+      sessionService.fetchUsernameForSessionId(mockedExistingSessionId),
+    ).resolves.toBe(mockUsername);
+  });
+
+  it("can't fetch a username for a non-existing session", async () => {
+    await expect(
+      sessionService.fetchUsernameForSessionId("doesn't exist"),
+    ).rejects.toThrow();
+  });
+
+  describe('extract verified session id from request', () => {
+    const validCookieHeader = 'validCookieHeader';
+    const validSessionId = 'validSessionId';
+
+    function mockParseCookieModule(sessionCookieContent: string): void {
+      jest
+        .spyOn(parseCookieModule, 'parse')
+        .mockImplementation((header: string): Record<string, string> => {
+          if (header === validCookieHeader) {
+            return {
+              [HEDGEDOC_SESSION]: sessionCookieContent,
+            };
+          } else {
+            return {};
+          }
+        });
+    }
+
+    beforeEach(() => {
+      jest.spyOn(parseCookieModule, 'parse').mockImplementation(() => {
+        throw new Error('call not expected!');
+      });
+      jest
+        .spyOn(cookieSignatureModule, 'unsign')
+        .mockImplementation((value, secret) => {
+          if (value.endsWith('.validSignature') && secret === mockSecret) {
+            return 'decryptedValue';
+          } else {
+            return false;
+          }
+        });
+    });
+
+    it('fails if no cookie header is present', () => {
+      const mockedRequest = Mock.of<IncomingMessage>({
+        headers: {},
+      });
+      expect(
+        sessionService.extractSessionIdFromRequest(mockedRequest).isEmpty(),
+      ).toBeTruthy();
+    });
+
+    it("fails if the cookie header isn't valid", () => {
+      const mockedRequest = Mock.of<IncomingMessage>({
+        headers: { cookie: 'no' },
+      });
+      mockParseCookieModule(`s:anyValidSessionId.validSignature`);
+      expect(
+        sessionService.extractSessionIdFromRequest(mockedRequest).isEmpty(),
+      ).toBeTruthy();
+    });
+
+    it("fails if the hedgedoc session cookie isn't marked as signed", () => {
+      const mockedRequest = Mock.of<IncomingMessage>({
+        headers: { cookie: validCookieHeader },
+      });
+      mockParseCookieModule('sessionId.validSignature');
+      expect(() =>
+        sessionService.extractSessionIdFromRequest(mockedRequest),
+      ).toThrow(
+        'cookie "hedgedoc-session" doesn\'t look like a signed session cookie',
+      );
+    });
+
+    it("fails if the hedgedoc session cookie doesn't contain a session id", () => {
+      const mockedRequest = Mock.of<IncomingMessage>({
+        headers: { cookie: validCookieHeader },
+      });
+      mockParseCookieModule('s:.validSignature');
+      expect(() =>
+        sessionService.extractSessionIdFromRequest(mockedRequest),
+      ).toThrow(
+        'cookie "hedgedoc-session" doesn\'t look like a signed session cookie',
+      );
+    });
+
+    it("fails if the hedgedoc session cookie doesn't contain a signature", () => {
+      const mockedRequest = Mock.of<IncomingMessage>({
+        headers: { cookie: validCookieHeader },
+      });
+      mockParseCookieModule('s:sessionId.');
+      expect(() =>
+        sessionService.extractSessionIdFromRequest(mockedRequest),
+      ).toThrow(
+        'cookie "hedgedoc-session" doesn\'t look like a signed session cookie',
+      );
+    });
+
+    it("fails if the hedgedoc session cookie isn't signed correctly", () => {
+      const mockedRequest = Mock.of<IncomingMessage>({
+        headers: { cookie: validCookieHeader },
+      });
+      mockParseCookieModule('s:sessionId.invalidSignature');
+      expect(() =>
+        sessionService.extractSessionIdFromRequest(mockedRequest),
+      ).toThrow('signature of cookie "hedgedoc-session" isn\'t valid.');
+    });
+
+    it('can extract a session id from a valid request', () => {
+      const mockedRequest = Mock.of<IncomingMessage>({
+        headers: { cookie: validCookieHeader },
+      });
+      mockParseCookieModule(`s:${validSessionId}.validSignature`);
+      expect(
+        sessionService.extractSessionIdFromRequest(mockedRequest).get(),
+      ).toBe(validSessionId);
+    });
+  });
+});