forget_insecure_sessions_spec.rb 810 B

123456789101112131415161718192021222324252627282930
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe ForgetInsecureSessions, type: :db_migration do
  4. before do
  5. 5.times do
  6. ActiveRecord::SessionStore::Session.create(
  7. session_id: SecureRandom.hex(16),
  8. data: SecureRandom.base64(10)
  9. )
  10. end
  11. end
  12. context 'for HTTP deployment' do
  13. before { Setting.set('http_type', 'http') }
  14. it 'does not delete existing sessions' do
  15. expect { migrate }.not_to change(ActiveRecord::SessionStore::Session, :count)
  16. end
  17. end
  18. context 'for HTTPS deployment' do
  19. before { Setting.set('http_type', 'https') }
  20. it 'deletes all existing sessions' do
  21. expect { migrate }.to change(ActiveRecord::SessionStore::Session, :count).to(0)
  22. end
  23. end
  24. end