@toruslabs/session-manager
Version:
273 lines (238 loc) • 10.8 kB
text/typescript
import { SESSION_SERVER_API_URL } from "@toruslabs/constants";
import { beforeEach, describe, expect, test } from "vitest";
import { SessionManager } from "../src/sessionManager";
describe("SessionManager", () => {
describe("Input Validation", () => {
test("should throw error if sessionId is not set", async () => {
const sessionManager = new SessionManager({});
await expect(async () => {
await sessionManager.createSession({});
}).rejects.toThrow("Session id is required");
});
test("should use default base url if not set", () => {
const sessionManager = new SessionManager({});
expect(sessionManager.sessionServerBaseUrl).toBe(SESSION_SERVER_API_URL);
});
test("should use provided base url if set", () => {
const sessionManager = new SessionManager({ sessionServerBaseUrl: "https://example.com" });
expect(sessionManager.sessionServerBaseUrl).toBe("https://example.com");
});
test("should keep sessionNamespace undefined if not set", () => {
const sessionManager = new SessionManager({});
expect(sessionManager.sessionNamespace).toBeUndefined();
});
test("should use provided session namespace if set", () => {
const sessionManager = new SessionManager({ sessionNamespace: "test" });
expect(sessionManager.sessionNamespace).toBe("test");
});
test("should use default session time if not set", () => {
const sessionManager = new SessionManager({});
expect(sessionManager.sessionTime).toBe(86400);
});
test("should use provided session time if set", () => {
const sessionManager = new SessionManager({ sessionTime: 1000 });
expect(sessionManager.sessionTime).toBe(1000);
});
test("should keep allowedOrigin '*' if not set", () => {
const sessionManager = new SessionManager({});
expect(sessionManager.allowedOrigin).toBe("*");
});
test("should use provided allowedOrigin if set", () => {
const sessionManager = new SessionManager({ allowedOrigin: "https://example.com" });
expect(sessionManager.allowedOrigin).toBe("https://example.com");
});
});
describe("Session Creation Flow", () => {
let sessionManager: SessionManager<{ testData: string }>;
let sessionId: string;
beforeEach(() => {
sessionId = SessionManager.generateRandomSessionKey();
sessionManager = new SessionManager({ sessionId });
});
test("should create and authorize session", async () => {
// Step 1: Create session
await sessionManager.createSession({ testData: "test" });
// Step 2: Authorize and verify data
const sessionData = await sessionManager.authorizeSession();
expect(sessionData).toEqual({ testData: "test" });
});
});
describe("Session Update Flow", () => {
let sessionManager: SessionManager<{ testData: string }>;
beforeEach(async () => {
const sessionId = SessionManager.generateRandomSessionKey();
sessionManager = new SessionManager({ sessionId });
await sessionManager.createSession({ testData: "test" });
});
test("should update and verify session data", async () => {
// Step 1: Update session
await sessionManager.updateSession({ testData: "test2" });
// Step 2: Verify updated data
const sessionData = await sessionManager.authorizeSession();
expect(sessionData).toEqual({ testData: "test2" });
});
});
describe("Session Invalidation Flow", () => {
let sessionManager: SessionManager<{ testData: string }>;
let sessionId: string;
beforeEach(async () => {
sessionId = SessionManager.generateRandomSessionKey();
sessionManager = new SessionManager({ sessionId });
await sessionManager.createSession({ testData: "test" });
});
test("should invalidate session correctly", async () => {
// Step 1: Invalidate session
await sessionManager.invalidateSession();
expect(sessionManager.sessionId).toBe("");
// Step 2: Restore session ID
sessionManager.sessionId = sessionId;
// Step 3: Verify session is empty
const sessionData = await sessionManager.authorizeSession();
expect(sessionData).toEqual({});
});
});
describe("Session Key Generation", () => {
test("should generate valid session key", () => {
const sessionKey = SessionManager.generateRandomSessionKey();
expect(sessionKey).toHaveLength(64);
expect(sessionKey).toMatch(/^[0-9a-f]+$/);
});
});
describe("Timeout Validation", () => {
test("should throw error if timout expires", async () => {
const sessionManager = new SessionManager({
sessionId: SessionManager.generateRandomSessionKey(),
sessionTime: 1,
});
await sessionManager.createSession({ testData: "test" });
await new Promise((resolve) => {
setTimeout(resolve, 2000);
});
await expect(sessionManager.authorizeSession()).rejects.toThrow();
});
test("should allow if time is not expired", async () => {
const sessionManager = new SessionManager({
sessionId: SessionManager.generateRandomSessionKey(),
sessionTime: 1000,
});
await sessionManager.createSession({ testData: "test" });
await new Promise((resolve) => {
setTimeout(resolve, 500);
});
await expect(sessionManager.authorizeSession()).resolves.toEqual({ testData: "test" });
});
});
describe("Origin Validation", () => {
let sessionManager: SessionManager<{ testData: string }>;
let sessionId: string;
beforeEach(() => {
sessionId = SessionManager.generateRandomSessionKey();
// Initialize with specific allowed origin
sessionManager = new SessionManager({
sessionId,
allowedOrigin: "https://example.com",
});
});
test("should accept request from allowed origin", async () => {
// Create session with matching origin header
await sessionManager.createSession({ testData: "test" }, { origin: "https://example.com" });
const sessionData = await sessionManager.authorizeSession({
headers: { origin: "https://example.com" },
});
expect(sessionData).toEqual({ testData: "test" });
});
test("should reject request from disallowed origin", async () => {
// Create session
await sessionManager.createSession({ testData: "test" }, { origin: "https://example.com" });
// Try to authorize from different origin
await expect(
sessionManager.authorizeSession({
headers: { origin: "https://malicious-site.com" },
})
).rejects.toThrow();
});
test("should accept any origin when allowedOrigin is *", async () => {
// Create new session manager with wildcard origin
const wildcardManager = new SessionManager({
sessionId,
allowedOrigin: "*",
});
await wildcardManager.createSession({ testData: "test" }, { origin: "https://any-site.com" });
const sessionData = await wildcardManager.authorizeSession({
headers: { origin: "https://different-site.com" },
});
expect(sessionData).toEqual({ testData: "test" });
});
test("should accept empty origin when allowedOrigin is *", async () => {
const wildcardManager = new SessionManager({
sessionId,
allowedOrigin: "*",
});
await wildcardManager.createSession({ testData: "test" }, { origin: "" });
const sessionData = await wildcardManager.authorizeSession();
expect(sessionData).toEqual({ testData: "test" });
});
test("should throw error if missing origin header", async () => {
await sessionManager.createSession({ testData: "test" }, { origin: "https://example.com" });
// Try to authorize without origin header
await expect(
sessionManager.authorizeSession({
headers: {},
})
).rejects.toThrow();
});
test("should return session data if allowedOrigin: TRUE, origin: empty", async () => {
// Create session with origin as true
const newSessionId = SessionManager.generateRandomSessionKey();
const sessionManagerWithTrueOrigin = new SessionManager({
sessionId: newSessionId,
allowedOrigin: true,
});
await sessionManagerWithTrueOrigin.createSession({ testData: "test" });
const sessionData = await sessionManagerWithTrueOrigin.authorizeSession();
expect(sessionData).toEqual({ testData: "test" });
});
test("should throw error if allowedOrigin: TRUE, origin: set", async () => {
// Create session with origin as true
const newSessionId = SessionManager.generateRandomSessionKey();
const sessionManagerWithTrueOrigin = new SessionManager({
sessionId: newSessionId,
allowedOrigin: true,
});
await sessionManagerWithTrueOrigin.createSession({ testData: "test" }, { origin: "https://example.com" });
await expect(async () => {
await sessionManagerWithTrueOrigin.authorizeSession();
}).rejects.toThrow();
});
test("should return session data if allowedOrigin: FALSE, origin: empty", async () => {
// Create session with origin as true
const newSessionId = SessionManager.generateRandomSessionKey();
const sessionManagerWithFalseOrigin = new SessionManager({
sessionId: newSessionId,
allowedOrigin: false,
});
await sessionManagerWithFalseOrigin.createSession({ testData: "test" });
const sessionData = await sessionManagerWithFalseOrigin.authorizeSession();
expect(sessionData).toEqual({ testData: "test" });
});
test("should return session data if allowedOrigin: FALSE, origin: set", async () => {
// Create session with origin as true
const newSessionId = SessionManager.generateRandomSessionKey();
const sessionManagerWithFalseOrigin = new SessionManager({
sessionId: newSessionId,
allowedOrigin: false,
});
await sessionManagerWithFalseOrigin.createSession({ testData: "test" }, { origin: "https://example.com" });
const sessionData = await sessionManagerWithFalseOrigin.authorizeSession();
expect(sessionData).toEqual({ testData: "test" });
});
});
describe("Data Decryption Errors", () => {
test("should throw error if data decryption fails", async () => {
const sessionKey = SessionManager.generateRandomSessionKey();
const sessionManager = new SessionManager({ sessionId: sessionKey });
await sessionManager.createSession({ testData: "test", error: "Something went wrong" });
await expect(sessionManager.authorizeSession()).rejects.toThrow("There was an error decrypting data.");
});
});
});