diff --git a/test/controllers.js b/test/controllers.js
index 71b8e32a6d..5b5b1d7ce5 100644
--- a/test/controllers.js
+++ b/test/controllers.js
@@ -491,6 +491,78 @@ describe('Controllers', function () {
 });
 });
+
+ describe('revoke session', function () {
+ var uid;
+ var jar;
+ var csrf_token;
+ var helpers = require('./helpers');
+ before(function (done) {
+ user.create({username: 'revokeme', password: 'barbar'}, function (err, _uid) {
+ assert.ifError(err);
+ uid = _uid;
+ helpers.loginUser('revokeme', 'barbar', function (err, _jar, io, _csrf_token) {
+ assert.ifError(err);
+ jar = _jar;
+ csrf_token = _csrf_token;
+ done();
+ });
+ });
+ });
+
+ it('should fail to revoke session with missing uuid', function (done) {
+ request.del(nconf.get('url') + '/api/user/revokeme/session', {
+ jar: jar,
+ headers: {
+ 'x-csrf-token': csrf_token
+ }
+ }, function (err, res, body) {
+ assert.ifError(err);
+ assert.equal(res.statusCode, 404);
+ done();
+ });
+ });
+
+ it('should fail if user doesn\'t exist', function (done) {
+ request.del(nconf.get('url') + '/api/user/doesnotexist/session/1112233', {
+ jar: jar,
+ headers: {
+ 'x-csrf-token': csrf_token
+ }
+ }, function (err, res, body) {
+ assert.ifError(err);
+ assert.equal(res.statusCode, 500);
+ assert.equal(body, '[[error:no-session-found]]');
+ done();
+ });
+ });
+
+ it('should revoke user session', function (done) {
+ db.getSortedSetRange('uid:' + uid + ':sessions', 0, -1, function (err, sids) {
+ assert.ifError(err);
+ var sid = sids[0];
+
+ db.sessionStore.get(sid, function (err, sessionObj) {
+ assert.ifError(err);
+ request.del(nconf.get('url') + '/api/user/revokeme/session/' + sessionObj.meta.uuid, {
+ jar: jar,
+ headers: {
+ 'x-csrf-token': csrf_token
+ }
+ }, function (err, res, body) {
+ assert.ifError(err);
+ assert.equal(res.statusCode, 200);
+ assert.equal(body, 'OK');
+ console.log(err, res.statusCode, body);
+ done();
+ });
+ });
+ });
+ });
+
+ });
+
+
 after(function (done) {
 db.emptydb(done);
 });
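Review bot: The 'should revoke user session' test only asserts the 200/`OK` response, so it would still pass if the endpoint answered OK without destroying the session. After the DELETE it should re-read `db.sessionStore.get(sid, ...)` and the `uid:<uid>:sessions` set and assert the session is gone, as sketched below; this assumes the store yields an empty value for an unknown sid, which should be confirmed against the session store in use. The leftover `console.log(err, res.statusCode, body);` in the same callback should be dropped. The suite also has no case where a different logged-in user tries to revoke this user's session, which is the authorization boundary a revocation endpoint most needs pinned by a test.

```javascript
// … unchanged: look up sid and sessionObj, send the DELETE request …
}, function (err, res, body) {
	// … unchanged: ifError, status 200 and body 'OK' assertions …
	// The response alone does not prove revocation; check the server-side state.
	db.sessionStore.get(sid, function (err, revoked) {
		assert.ifError(err);
		assert(!revoked);
		db.getSortedSetRange('uid:' + uid + ':sessions', 0, -1, function (err, remaining) {
			assert.ifError(err);
			assert.equal(remaining.indexOf(sid), -1);
			done();
		});
	});
});
```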