plausible/analytics
1
1
Fork 0
mirror of https://github.com/plausible/analytics.git synced 2024-12-26 02:55:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
4a36148f9b
analytics/test/plausible_web/plugs/user_session_touch_test.exs

60 lines
1.8 KiB
Elixir
Raw Normal View History

Implement token-based sessions (#4463) * Turn `Plausible.Auth.UserSession` into full schema * Implement token based sessions and use them as default * Ignore expired user sessions during retrieval from DB * Implement plug bumping user session last used and timeout timestamps * Implement Oban worker removing expired user sessions with grace period * Implement legacy session conversion on touch, when applicable * Update `UserAuth` moduledoc * Extend `UserAuth` tests to account for db-backed session tokens * Update CHANGELOG * Add tests for `UserSessionTouch` plug * Add test for `CleanUserSessions` worker * Add logging of legacy session retrievals * Use single update permitting stale records when touching user session * Don't fetch session and user for external API endpoints (/api/event too) * Refactor `Users.with_subscription/1` and expose helper query * Skip fetching session in legacy `SessionTimeoutPlug` * Rely on user session assign from `AuthContext` in `SentryContext` * Silence legacy session warnings in `UserSessionTouchTest` * Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug` * Change `UserAuth` to get session, user and last subscription in one go * Avoid refetching user session in `AuthorizeSiteAccess` plug * Fix code formatting * Refactor `UserAuth.get_user_token/1` (h/t @aerosol) * Remove bogus empty opts from `scope` declarations in router * Only touch session once an hour and keep `user.last_seen` in sync * Bring back logging of legacy token use
2024-09-03 12:34:37 +03:00
defmodule PlausibleWeb.Plugs.UserSessionTouchTest do
use PlausibleWeb.ConnCase, async: true
alias Plausible.Repo
alias PlausibleWeb.AuthPlug
alias PlausibleWeb.Plugs.UserSessionTouch
setup [:create_user, :log_in]
@moduletag :capture_log
test "refreshes session", %{conn: conn, user: user} do
now = NaiveDateTime.utc_now(:second)
one_day_ago = NaiveDateTime.shift(now, day: -1)
%{sessions: [user_session]} = Repo.preload(user, :sessions)
Fix faulty `UserSessionTouchTest` setup (#4517)
2024-09-03 13:53:06 +03:00
user_session
|> Plausible.Auth.UserSession.touch_session(one_day_ago)
|> Repo.update!(allow_stale: true)
Implement token-based sessions (#4463) * Turn `Plausible.Auth.UserSession` into full schema * Implement token based sessions and use them as default * Ignore expired user sessions during retrieval from DB * Implement plug bumping user session last used and timeout timestamps * Implement Oban worker removing expired user sessions with grace period * Implement legacy session conversion on touch, when applicable * Update `UserAuth` moduledoc * Extend `UserAuth` tests to account for db-backed session tokens * Update CHANGELOG * Add tests for `UserSessionTouch` plug * Add test for `CleanUserSessions` worker * Add logging of legacy session retrievals * Use single update permitting stale records when touching user session * Don't fetch session and user for external API endpoints (/api/event too) * Refactor `Users.with_subscription/1` and expose helper query * Skip fetching session in legacy `SessionTimeoutPlug` * Rely on user session assign from `AuthContext` in `SentryContext` * Silence legacy session warnings in `UserSessionTouchTest` * Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug` * Change `UserAuth` to get session, user and last subscription in one go * Avoid refetching user session in `AuthorizeSiteAccess` plug * Fix code formatting * Refactor `UserAuth.get_user_token/1` (h/t @aerosol) * Remove bogus empty opts from `scope` declarations in router * Only touch session once an hour and keep `user.last_seen` in sync * Bring back logging of legacy token use
2024-09-03 12:34:37 +03:00
assert %{assigns: %{current_user_session: user_session}} =
conn
|> AuthPlug.call([])
|> UserSessionTouch.call([])
assert NaiveDateTime.compare(user_session.last_used_at, now) in [:gt, :eq]
assert NaiveDateTime.compare(user_session.timeout_at, user_session.last_used_at) == :gt
end
test "passes through when there's no authenticated session" do
conn =
build_conn()
|> init_session()
|> put_session(:login_dest, "/")
|> UserSessionTouch.call([])
refute conn.halted
assert get_session(conn, :login_dest) == "/"
refute get_session(conn, :current_user_id)
refute get_session(conn, :user_token)
end
test "converts legacy session when present", %{user: user} do
%{sessions: [other_session]} = Repo.preload(user, :sessions)
conn =
build_conn()
|> init_session()
|> put_session(:current_user_id, user.id)
|> AuthPlug.call([])
|> UserSessionTouch.call([])
refute get_session(conn, :current_user_id)
assert user_token = get_session(conn, :user_token)
assert conn.assigns.current_user_session.id
assert conn.assigns.current_user_session.id != other_session.id
assert conn.assigns.current_user_session.token == user_token
end
end
Reference in New Issue Copy Permalink