SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200
							# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe SessionTimeoutJob, type: :job do
  before do
    create(:active_session, user: user)
  end

  context 'with timeout admin' do
    let(:user) { create(:admin) }

    before do
      Setting.set('session_timeout', { admin: 30.minutes.to_s })
    end

    it 'does kill the session' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does also kill the session of deleted users' do
      user.destroy
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does not kill the session' do
      travel_to 1.minute.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end
  end

  context 'with timeout ticket.agent' do
    let(:user) { create(:agent) }

    before do
      Setting.set('session_timeout', { 'ticket.agent': 30.minutes.to_s })
    end

    it 'does kill the session' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does not kill the session' do
      travel_to 1.minute.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end
  end

  context 'with timeout ticket.customer' do
    let(:user) { create(:customer) }

    before do
      Setting.set('session_timeout', { 'ticket.customer': 30.minutes.to_s })
    end

    it 'does kill the session' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does not kill the session' do
      travel_to 1.minute.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end
  end

  context 'with timeout agent and customer' do
    let(:user) { create(:agent_and_customer) }

    before do
      Setting.set('session_timeout', { 'ticket.customer': 1.second.to_s, 'ticket.agent': 2.hours.to_s })
    end

    it 'does kill the session' do
      travel_to 1.day.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does not kill the session' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end
  end

  context 'with timeout default' do
    let(:user) { create(:customer) }

    before do
      Setting.set('session_timeout', { default: 30.minutes.to_s })
    end

    it 'does kill the session' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does not kill the session' do
      travel_to 1.minute.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end
  end

  context 'with timeout fallback from admin to default' do
    let(:user) { create(:admin) }

    before do
      Setting.set('session_timeout', { admin: '0', default: 30.minutes.to_s })
    end

    it 'does kill the session' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does also kill the session of deleted users' do
      user.destroy
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does not kill the session' do
      travel_to 1.minute.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end
  end

  context 'with timeouts all disabled' do
    let(:user) { create(:admin) }

    before do
      Setting.set('session_timeout', { admin: '0', default: '0' })
    end

    it 'does not kill the session because all timeouts are disabled in 1 hour' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end

    it 'does also kill the session of deleted users' do
      user.destroy
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
    end

    it 'does not kill the session because all timeouts are disabled in 1 minute' do
      travel_to 1.minute.from_now
      expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
    end
  end

  context 'with timeout and a dead session in the past' do
    let(:user) { create(:admin) }

    before do
      Setting.set('session_timeout', { admin: 30.minutes.to_s })
      travel_to 10.hours.ago
      create(:active_session, user: user)
      travel_to 10.hours.from_now
    end

    it 'does a frontend logout for the user' do
      allow(PushMessages).to receive(:send_to)
      travel_to 1.hour.from_now
      described_class.perform_now
      expect(PushMessages).to have_received(:send_to).with(user.id, { event: 'session_timeout' }).twice
    end

    it 'does not init a frontend logout for the user because he does not exist anymore' do
      allow(PushMessages).to receive(:send_to)
      user.destroy
      travel_to 1.hour.from_now
      described_class.perform_now
      expect(PushMessages).not_to have_received(:send_to).with(user.id, { event: 'session_timeout' })
    end

    it 'does not init a frontend logout for the user because of an active session' do
      allow(PushMessages).to receive(:send_to)
      travel_to 1.minute.from_now
      described_class.perform_now
      expect(PushMessages).not_to have_received(:send_to).with(user.id, { event: 'session_timeout' })
    end
  end

  context 'without user in session' do
    let(:user) { create(:admin) }

    before do
      Setting.set('session_timeout', { admin: 30.minutes.to_s })
      create(:active_session, user: nil)
    end

    it 'does not crash' do
      travel_to 1.hour.from_now
      expect { described_class.perform_now }.not_to raise_error
    end
  end
end