123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe SessionTimeoutJob, type: :job do
- before do
- create(:active_session, user: user)
- end
- context 'with timeout admin' do
- let(:user) { create(:admin) }
- before do
- Setting.set('session_timeout', { admin: 30.minutes.to_s })
- end
- it 'does kill the session' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does also kill the session of deleted users' do
- user.destroy
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does not kill the session' do
- travel_to 1.minute.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- end
- context 'with timeout ticket.agent' do
- let(:user) { create(:agent) }
- before do
- Setting.set('session_timeout', { 'ticket.agent': 30.minutes.to_s })
- end
- it 'does kill the session' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does not kill the session' do
- travel_to 1.minute.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- end
- context 'with timeout ticket.customer' do
- let(:user) { create(:customer) }
- before do
- Setting.set('session_timeout', { 'ticket.customer': 30.minutes.to_s })
- end
- it 'does kill the session' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does not kill the session' do
- travel_to 1.minute.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- end
- context 'with timeout agent and customer' do
- let(:user) { create(:agent_and_customer) }
- before do
- Setting.set('session_timeout', { 'ticket.customer': 1.second.to_s, 'ticket.agent': 2.hours.to_s })
- end
- it 'does kill the session' do
- travel_to 1.day.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does not kill the session' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- end
- context 'with timeout default' do
- let(:user) { create(:customer) }
- before do
- Setting.set('session_timeout', { default: 30.minutes.to_s })
- end
- it 'does kill the session' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does not kill the session' do
- travel_to 1.minute.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- end
- context 'with timeout fallback from admin to default' do
- let(:user) { create(:admin) }
- before do
- Setting.set('session_timeout', { admin: '0', default: 30.minutes.to_s })
- end
- it 'does kill the session' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does also kill the session of deleted users' do
- user.destroy
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does not kill the session' do
- travel_to 1.minute.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- end
- context 'with timeouts all disabled' do
- let(:user) { create(:admin) }
- before do
- Setting.set('session_timeout', { admin: '0', default: '0' })
- end
- it 'does not kill the session because all timeouts are disabled in 1 hour' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- it 'does also kill the session of deleted users' do
- user.destroy
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
- end
- it 'does not kill the session because all timeouts are disabled in 1 minute' do
- travel_to 1.minute.from_now
- expect { described_class.perform_now }.not_to change(ActiveRecord::SessionStore::Session, :count)
- end
- end
- context 'with timeout and a dead session in the past' do
- let(:user) { create(:admin) }
- before do
- Setting.set('session_timeout', { admin: 30.minutes.to_s })
- travel_to 10.hours.ago
- create(:active_session, user: user)
- travel_to 10.hours.from_now
- end
- it 'does a frontend logout for the user' do
- allow(PushMessages).to receive(:send_to)
- travel_to 1.hour.from_now
- described_class.perform_now
- expect(PushMessages).to have_received(:send_to).with(user.id, { event: 'session_timeout' }).twice
- end
- it 'does not init a frontend logout for the user because he does not exist anymore' do
- allow(PushMessages).to receive(:send_to)
- user.destroy
- travel_to 1.hour.from_now
- described_class.perform_now
- expect(PushMessages).not_to have_received(:send_to).with(user.id, { event: 'session_timeout' })
- end
- it 'does not init a frontend logout for the user because of an active session' do
- allow(PushMessages).to receive(:send_to)
- travel_to 1.minute.from_now
- described_class.perform_now
- expect(PushMessages).not_to have_received(:send_to).with(user.id, { event: 'session_timeout' })
- end
- end
- context 'without user in session' do
- let(:user) { create(:admin) }
- before do
- Setting.set('session_timeout', { admin: 30.minutes.to_s })
- create(:active_session, user: nil)
- end
- it 'does not crash' do
- travel_to 1.hour.from_now
- expect { described_class.perform_now }.not_to raise_error
- end
- end
- end
|