Compare commits
9 Commits
develop
...
session-cr
Author | SHA1 | Date |
---|---|---|
John McLear | fbb92b589f | |
John McLear | 4904e7f486 | |
John McLear | d7fe2afad9 | |
John McLear | ead251a841 | |
John McLear | 4daa0fe030 | |
John McLear | 2d3f51fe89 | |
John McLear | fd285c7748 | |
John McLear | d696a048dc | |
John McLear | 3f2c8c6dae |
|
@ -41,4 +41,8 @@ module.exports = class SessionStore extends Store {
|
|||
logger.debug(`DESTROY ${sid}`);
|
||||
DB.db.remove(`sessionstorage:${sid}`, fn);
|
||||
}
|
||||
|
||||
store(fn) {
|
||||
Store.length(null, fn);
|
||||
}
|
||||
};
|
||||
|
|
|
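Review bot: `Store.length(null, fn)` in the added `store(fn)` method will throw instead of counting sessions, because `Store` is the base class this store extends and, unless that class defines a static `length`, `Store.length` is the built-in numeric arity property rather than a function. The method name is also off: the new test on this page calls `store.length()`, and `length(callback)` is the name express-session uses for the optional count method. Assuming the DB wrapper exposes ueberdb's `findKeys`, something like `length(fn) { DB.db.findKeys('sessionstorage:*', null, (err, keys) => fn(err, keys ? keys.length : 0)); }` would count the `sessionstorage:` keys this class writes. The class body starts outside the hunk, so an existing `length` elsewhere in the file cannot be ruled out from here.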
@ -9,7 +9,7 @@ const readOnlyManager = require('../../db/ReadOnlyManager');
|
|||
|
||||
hooks.deprecationNotices.authFailure = 'use the authnFailure and authzFailure hooks instead';
|
||||
|
||||
const staticPathsRE = new RegExp(`^/(?:${[
|
||||
const staticPaths = [
|
||||
'api(?:/.*)?',
|
||||
'favicon\\.ico',
|
||||
'ep/pad/connection-diagnostic-info',
|
||||
|
@ -23,8 +23,10 @@ const staticPathsRE = new RegExp(`^/(?:${[
|
|||
'robots.txt',
|
||||
'static/.*',
|
||||
'stats/?',
|
||||
'tests/frontend(?:/.*)?'
|
||||
].join('|')})$`);
|
||||
'tests/frontend(?:/.*)?',
|
||||
];
|
||||
|
||||
const staticPathsRE = new RegExp(`^/(?:${staticPaths.join('|')})$`);
|
||||
|
||||
exports.normalizeAuthzLevel = (level) => {
|
||||
if (!level) return false;
|
||||
|
@ -198,3 +200,5 @@ exports.expressConfigure = (hookName, args, cb) => {
|
|||
args.app.use((req, res, next) => { checkAccess(req, res, next).catch(next); });
|
||||
return cb();
|
||||
};
|
||||
|
||||
exports.staticPaths = staticPaths;
|
||||
|
|
|
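Review bot: `exports.staticPaths = staticPaths;` exposes the live array of regex fragments under a name that reads like a list of URLs, and the new test on this page already consumes the entries as request paths. `staticPathsRE` is built once at load, so a later mutation by a plugin or test would not change the regex but would leave the exported list out of step with what is actually matched; `exports.staticPaths = Object.freeze([...staticPaths]);` with a comment such as `// Regex fragments (not literal URLs) that staticPathsRE is built from.` avoids both problems. While touching the list, `'robots.txt'` leaves its dot unescaped, unlike `'favicon\\.ico'`, so it matches any character in that position; `'robots\\.txt'` would be consistent. If this regex decides which requests skip access checks (not visible in these hunks), every entry should match as narrowly as possible.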
@ -0,0 +1,66 @@
|
|||
'use strict';
|
||||
|
||||
const assert = require('assert').strict;
|
||||
const common = require('../../common');
|
||||
const settings = require('../../../../node/utils/Settings');
|
||||
const shouldNotCreateExpressSession =
|
||||
require('../../../../node/hooks/express/webaccess').staticPaths;
|
||||
const fs = require('fs');
|
||||
const SessionStore = require('../../../../node/db/SessionStore');
|
||||
const store = new SessionStore;
|
||||
let agent;
|
||||
|
||||
const shouldCreateExpressSession = [
|
||||
'/p/foo',
|
||||
'/p/foo/export/html',
|
||||
'/socket.io',
|
||||
'/ep_example',
|
||||
'/admin',
|
||||
];
|
||||
|
||||
describe(__filename, function () {
|
||||
before(async function () { agent = await common.init(); });
|
||||
|
||||
describe('Express Session Creation on endpoint', function () {
|
||||
if (settings.dbType !== 'dirty') this.skip;
|
||||
|
||||
this.timeout(100);
|
||||
for (const endpoint of shouldNotCreateExpressSession) {
|
||||
it(endpoint, async function () {
|
||||
const previousCount = store.length();
|
||||
await agent.get(endpoint)
|
||||
.expect(200)
|
||||
.expect((res) => {
|
||||
const hasExpressSessionCookie =
|
||||
res.headers['set-cookie'][0].indexOf('express_sid');
|
||||
assert(hasExpressSessionCookie === -1);
|
||||
const newCount = store.length();
|
||||
assert(newCount === previousCount);
|
||||
})
|
||||
});
|
||||
}
|
||||
|
||||
for (let endpoint of shouldCreateExpressSession) {
|
||||
// clean up endpoint as it's designed for use in regex
|
||||
endpoint = endpoint.split('(')[0];
|
||||
endpoint = endpoint.replace('\\', '');
|
||||
endpoint = endpoint.replace('.*', '');
|
||||
endpoint = endpoint.replace('?', '');
|
||||
const previousCount = store.length();
|
||||
it(endpoint, async function () {
|
||||
await agent.get(endpoint)
|
||||
.expect(200)
|
||||
.expect((res) => {
|
||||
console.error(res.headers['set-cookie']);
|
||||
const hasExpressSessionCookie =
|
||||
res.headers['set-cookie'][0].indexOf('express_sid');
|
||||
assert(hasExpressSessionCookie !== -1);
|
||||
const newCount = store.length();
|
||||
console.log(newCount);
|
||||
assert(newCount > previousCount);
|
||||
})
|
||||
});
|
||||
}
|
||||
|
||||
});
|
||||
});
|
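Review bot: The negative cases cannot verify what they claim: `res.headers['set-cookie'][0]` throws when the response has no Set-Cookie header, which is the expected outcome for a static path, and `store.length()` is called synchronously on a store whose only added method on this page is `store(fn)`, so both counts are presumably `undefined` and `newCount === previousCount` holds trivially. `this.skip` in the dbType check is neither called nor inside a hook, so the suite never skips. The regex clean-up sits in the `shouldCreateExpressSession` loop, whose entries are already plain paths, while the fragments imported from `staticPaths` are requested verbatim and without a leading slash; that second loop also captures `previousCount` at definition time, and its `console.error`/`console.log` calls look like leftover debugging. A test meant to show that unauthenticated static requests do not grow the session store should fail when the property is violated, so the sketch below fixes the skip, the path conversion and the cookie check, and leaves the count comparison to be redone against an awaited store count.

```javascript
  describe('Express Session Creation on endpoint', function () {
    // this.skip() must be called, and only works inside a hook or a test.
    before(function () { if (settings.dbType !== 'dirty') this.skip(); });

    for (const pattern of shouldNotCreateExpressSession) {
      // Entries are regex fragments; reduce each one to a concrete URL path first.
      const stripped = pattern.split('(')[0].replace(/\\/g, '').replace('.*', '').replace('?', '');
      const endpoint = `/${stripped}`;
      it(endpoint, async function () {
        const res = await agent.get(endpoint).expect(200);
        // Set-Cookie is absent when no session is created, so default to an empty list.
        const cookies = res.headers['set-cookie'] || [];
        assert(!cookies.some((cookie) => cookie.includes('express_sid')));
        // … session-count comparison: needs an awaited count taken before and after the request …
      });
    }

    // … unchanged: shouldCreateExpressSession loop …
```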