session_timeout_job_spec.rb 6.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198
  1. require 'rails_helper'
  2. RSpec.describe SessionTimeoutJob, type: :job do
  3. before do
  4. create(:active_session, user: user)
  5. end
  6. context 'with timeout admin' do
  7. let(:user) { create(:admin) }
  8. before do
  9. Setting.set('session_timeout', { admin: 30.minutes.to_s })
  10. end
  11. it 'does kill the session' do
  12. travel_to 1.hour.from_now
  13. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  14. end
  15. it 'does also kill the session of deleted users' do
  16. user.destroy
  17. travel_to 1.hour.from_now
  18. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  19. end
  20. it 'does not kill the session' do
  21. travel_to 1.minute.from_now
  22. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  23. end
  24. end
  25. context 'with timeout ticket.agent' do
  26. let(:user) { create(:agent) }
  27. before do
  28. Setting.set('session_timeout', { 'ticket.agent': 30.minutes.to_s })
  29. end
  30. it 'does kill the session' do
  31. travel_to 1.hour.from_now
  32. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  33. end
  34. it 'does not kill the session' do
  35. travel_to 1.minute.from_now
  36. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  37. end
  38. end
  39. context 'with timeout ticket.customer' do
  40. let(:user) { create(:customer) }
  41. before do
  42. Setting.set('session_timeout', { 'ticket.customer': 30.minutes.to_s })
  43. end
  44. it 'does kill the session' do
  45. travel_to 1.hour.from_now
  46. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  47. end
  48. it 'does not kill the session' do
  49. travel_to 1.minute.from_now
  50. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  51. end
  52. end
  53. context 'with timeout agent and customer' do
  54. let(:user) { create(:agent_and_customer) }
  55. before do
  56. Setting.set('session_timeout', { 'ticket.customer': 1.second.to_s, 'ticket.agent': 2.hours.to_s })
  57. end
  58. it 'does kill the session' do
  59. travel_to 1.day.from_now
  60. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  61. end
  62. it 'does not kill the session' do
  63. travel_to 1.hour.from_now
  64. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  65. end
  66. end
  67. context 'with timeout default' do
  68. let(:user) { create(:customer) }
  69. before do
  70. Setting.set('session_timeout', { default: 30.minutes.to_s })
  71. end
  72. it 'does kill the session' do
  73. travel_to 1.hour.from_now
  74. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  75. end
  76. it 'does not kill the session' do
  77. travel_to 1.minute.from_now
  78. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  79. end
  80. end
  81. context 'with timeout fallback from admin to default' do
  82. let(:user) { create(:admin) }
  83. before do
  84. Setting.set('session_timeout', { admin: '0', default: 30.minutes.to_s })
  85. end
  86. it 'does kill the session' do
  87. travel_to 1.hour.from_now
  88. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  89. end
  90. it 'does also kill the session of deleted users' do
  91. user.destroy
  92. travel_to 1.hour.from_now
  93. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  94. end
  95. it 'does not kill the session' do
  96. travel_to 1.minute.from_now
  97. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  98. end
  99. end
  100. context 'with timeouts all disabled' do
  101. let(:user) { create(:admin) }
  102. before do
  103. Setting.set('session_timeout', { admin: '0', default: '0' })
  104. end
  105. it 'does not kill the session because all timeouts are disabled in 1 hour' do
  106. travel_to 1.hour.from_now
  107. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  108. end
  109. it 'does also kill the session of deleted users' do
  110. user.destroy
  111. travel_to 1.hour.from_now
  112. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
  113. end
  114. it 'does not kill the session because all timeouts are disabled in 1 minute' do
  115. travel_to 1.minute.from_now
  116. expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
  117. end
  118. end
  119. context 'with timeout and a dead session in the past' do
  120. let(:user) { create(:admin) }
  121. before do
  122. Setting.set('session_timeout', { admin: 30.minutes.to_s })
  123. travel_to 10.hours.ago
  124. create(:active_session, user: user)
  125. travel_to 10.hours.from_now
  126. end
  127. it 'does a frontend logout for the user' do
  128. allow(PushMessages).to receive(:send_to)
  129. travel_to 1.hour.from_now
  130. described_class.perform_now
  131. expect(PushMessages).to have_received(:send_to).with(user.id, { event: 'session_timeout' }).twice
  132. end
  133. it 'does not init a frontend logout for the user because he does not exist anymore' do
  134. allow(PushMessages).to receive(:send_to)
  135. user.destroy
  136. travel_to 1.hour.from_now
  137. described_class.perform_now
  138. expect(PushMessages).not_to have_received(:send_to).with(user.id, { event: 'session_timeout' })
  139. end
  140. it 'does not init a frontend logout for the user because of an active session' do
  141. allow(PushMessages).to receive(:send_to)
  142. travel_to 1.minute.from_now
  143. described_class.perform_now
  144. expect(PushMessages).not_to have_received(:send_to).with(user.id, { event: 'session_timeout' })
  145. end
  146. end
  147. context 'without user in session' do
  148. let(:user) { create(:admin) }
  149. before do
  150. Setting.set('session_timeout', { admin: 30.minutes.to_s })
  151. create(:active_session, user: nil)
  152. end
  153. it 'does not crash' do
  154. travel_to 1.hour.from_now
  155. expect { described_class.perform_now }.not_to raise_error
  156. end
  157. end
  158. end