keii.dev
1<?php
2
3// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
4// See the LICENCE file in the repository root for full licence text.
5
6declare(strict_types=1);
7
8namespace Tests\Controllers\Account;
9
10use App\Libraries\Session\Store as SessionStore;
11use App\Models\User;
12use Tests\TestCase;
13
14class SessionsControllerTest extends TestCase
15{
16 public function testDestroyOther(): void
17 {
18 $user = User::factory()->create();
19 $oldSessionId = $this->createVerifiedSession($user)->getId();
20
21 $session = $this->createVerifiedSession($user);
22
23 $this
24 ->withPersistentSession($session)
25 ->delete(route('account.sessions.destroy', ['session' => $oldSessionId]))
26 ->assertSuccessful();
27
28 $sessionIds = SessionStore::ids($user->getKey());
29 $this->assertContains($session->getId(), $sessionIds);
30 $this->assertNotContains($oldSessionId, $sessionIds);
31 $this->assertNull(SessionStore::findOrNew($oldSessionId)->userId());
32 }
33
34 public function testDestroyOtherUser(): void
35 {
36 $otherUser = User::factory()->create();
37 $otherUserSessionId = $this->createVerifiedSession($otherUser)->getId();
38
39 $user = User::factory()->create();
40 $session = $this->createVerifiedSession($user);
41
42 $this
43 ->withPersistentSession($session)
44 ->delete(route('account.sessions.destroy', ['session' => $otherUserSessionId]))
45 ->assertStatus(404);
46
47 $this->assertSame(
48 $otherUser->getKey(),
49 SessionStore::findOrNew($otherUserSessionId)->userId(),
50 );
51 }
52
53 public function testDestroySelf(): void
54 {
55 $user = User::factory()->create();
56 $session = $this->createVerifiedSession($user);
57 $sessionId = $session->getId();
58
59 $this
60 ->withPersistentSession($session)
61 ->delete(route('account.sessions.destroy', ['session' => $sessionId]))
62 ->assertSuccessful();
63
64 $this->assertNull(SessionStore::findOrNew($sessionId)->userId());
65 }
66}