session_timeout_job_spec.rb 6.2 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Specs for SessionTimeoutJob, driven by the `session_timeout` setting: a hash
  # keyed by `admin`, `ticket.agent`, `ticket.customer` and `default`, whose
  # values are the string form of an ActiveSupport duration. The value '0' is
  # what the "disabled" contexts below use.
  RSpec.describe SessionTimeoutJob, type: :job do
    # Model whose row count tells whether the job removed a stored session.
    let(:session_model) { ActiveRecord::SessionStore::Session }
    # Payload the job is expected to push to a user whose session timed out.
    let(:timeout_push)  { { event: 'session_timeout' } }

    # Every example starts with one stored session for the context's `user`.
    before { create(:active_session, user: user) }

    # Runs the job under test synchronously.
    def run_timeout_job
      described_class.perform_now
    end

    context 'with timeout admin' do
      let(:user) { create(:admin) }

      before { Setting.set('session_timeout', { admin: 30.minutes.to_s }) }

      it 'does kill the session' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      # A session whose owner no longer exists must not outlive the account.
      it 'does also kill the session of deleted users' do
        user.destroy
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does not kill the session' do
        travel_to 1.minute.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end
    end

    context 'with timeout ticket.agent' do
      let(:user) { create(:agent) }

      before { Setting.set('session_timeout', { 'ticket.agent': 30.minutes.to_s }) }

      it 'does kill the session' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does not kill the session' do
        travel_to 1.minute.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end
    end

    context 'with timeout ticket.customer' do
      let(:user) { create(:customer) }

      before { Setting.set('session_timeout', { 'ticket.customer': 30.minutes.to_s }) }

      it 'does kill the session' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does not kill the session' do
        travel_to 1.minute.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end
    end

    # A user holding both roles: the examples pin that the session survives one
    # hour even though the customer value is one second, and is gone after a day.
    # NOTE(review): that is consistent with the longer (agent) timeout winning;
    # confirm against the job before relying on it.
    context 'with timeout agent and customer' do
      let(:user) { create(:agent_and_customer) }

      before do
        Setting.set('session_timeout', { 'ticket.customer': 1.second.to_s, 'ticket.agent': 2.hours.to_s })
      end

      it 'does kill the session' do
        travel_to 1.day.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does not kill the session' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end
    end

    context 'with timeout default' do
      let(:user) { create(:customer) }

      before { Setting.set('session_timeout', { default: 30.minutes.to_s }) }

      it 'does kill the session' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does not kill the session' do
        travel_to 1.minute.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end
    end

    # The admin entry is '0', so the 30-minute `default` is the only value left
    # that can expire the admin's session.
    context 'with timeout fallback from admin to default' do
      let(:user) { create(:admin) }

      before { Setting.set('session_timeout', { admin: '0', default: 30.minutes.to_s }) }

      it 'does kill the session' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does also kill the session of deleted users' do
        user.destroy
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does not kill the session' do
        travel_to 1.minute.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end
    end

    # With every configured value at '0' an existing user's session is never
    # expired by age; the session of a deleted user is still removed.
    context 'with timeouts all disabled' do
      let(:user) { create(:admin) }

      before { Setting.set('session_timeout', { admin: '0', default: '0' }) }

      it 'does not kill the session because all timeouts are disabled in 1 hour' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end

      it 'does also kill the session of deleted users' do
        user.destroy
        travel_to 1.hour.from_now
        expect { run_timeout_job }.to change(session_model, :count).by(-1)
      end

      it 'does not kill the session because all timeouts are disabled in 1 minute' do
        travel_to 1.minute.from_now
        expect { run_timeout_job }.not_to change(session_model, :count)
      end
    end

    context 'with timeout and a dead session in the past' do
      let(:user) { create(:admin) }

      # Adds a second session for the same user, created ten hours before the
      # one from the outer hook, then returns the clock to the starting point.
      before do
        Setting.set('session_timeout', { admin: 30.minutes.to_s })
        travel_to 10.hours.ago
        create(:active_session, user: user)
        travel_to 10.hours.from_now
      end

      # Registered last so the spy is installed only after all sessions exist.
      before { allow(PushMessages).to receive(:send_to) }

      # Two sessions exist for the user and both are past the 30-minute limit.
      # NOTE(review): `.twice` presumably means one push per expired session;
      # confirm against the job.
      it 'does a frontend logout for the user' do
        travel_to 1.hour.from_now
        run_timeout_job
        expect(PushMessages).to have_received(:send_to).with(user.id, timeout_push).twice
      end

      it 'does not init a frontend logout for the user because he does not exist anymore' do
        user.destroy
        travel_to 1.hour.from_now
        run_timeout_job
        expect(PushMessages).not_to have_received(:send_to).with(user.id, timeout_push)
      end

      # The ten-hour-old session is stale, but the user still has a fresh one,
      # so the browser must not be logged out.
      it 'does not init a frontend logout for the user because of an active session' do
        travel_to 1.minute.from_now
        run_timeout_job
        expect(PushMessages).not_to have_received(:send_to).with(user.id, timeout_push)
      end
    end

    # A stored session with no user attached must not make the job raise.
    context 'without user in session' do
      let(:user) { create(:admin) }

      before do
        Setting.set('session_timeout', { admin: 30.minutes.to_s })
        create(:active_session, user: nil)
      end

      it 'does not crash' do
        travel_to 1.hour.from_now
        expect { run_timeout_job }.not_to raise_error
      end
    end
  end