Rebuild actix-identity on top of actix-session (#246)

Co-authored-by: Rob Ede <robjtede@icloud.com>
2025-06-26 10:27:42 +02:00 · 2022-07-09 19:00:15 +01:00
parent b8f4a658a9
commit b1cea64795
15 changed files with 1155 additions and 1153 deletions
--- a/actix-identity/tests/integration/integration.rs
+++ b/actix-identity/tests/integration/integration.rs
@ -0,0 +1,168 @@
+use std::time::Duration;
+
+use actix_identity::{config::LogoutBehaviour, IdentityMiddleware};
+use actix_web::http::StatusCode;
+
+use crate::{fixtures::user_id, test_app::TestApp};
+
+#[actix_web::test]
+async fn opaque_401_is_returned_for_unauthenticated_users() {
+    let app = TestApp::spawn();
+
+    let response = app.get_identity_required().await;
+    assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
+    assert!(response.bytes().await.unwrap().is_empty());
+}
+
+#[actix_web::test]
+async fn login_works() {
+    let app = TestApp::spawn();
+    let user_id = user_id();
+
+    // Log-in
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+
+    // Access identity-restricted route successfully
+    let response = app.get_identity_required().await;
+    assert!(response.status().is_success());
+}
+
+#[actix_web::test]
+async fn logging_in_again_replaces_the_current_identity() {
+    let app = TestApp::spawn();
+    let first_user_id = user_id();
+    let second_user_id = user_id();
+
+    // Log-in
+    let body = app.post_login(first_user_id.clone()).await;
+    assert_eq!(body.user_id, Some(first_user_id.clone()));
+
+    // Log-in again
+    let body = app.post_login(second_user_id.clone()).await;
+    assert_eq!(body.user_id, Some(second_user_id.clone()));
+
+    let body = app.get_current().await;
+    assert_eq!(body.user_id, Some(second_user_id.clone()));
+}
+
+#[actix_web::test]
+async fn session_key_is_renewed_on_login() {
+    let app = TestApp::spawn();
+    let user_id = user_id();
+
+    // Create an anonymous session
+    let body = app.post_increment().await;
+    assert_eq!(body.user_id, None);
+    assert_eq!(body.counter, 1);
+    assert_eq!(body.session_status, "changed");
+
+    // Log-in
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+    assert_eq!(body.counter, 1);
+    assert_eq!(body.session_status, "renewed");
+}
+
+#[actix_web::test]
+async fn logout_works() {
+    let app = TestApp::spawn();
+    let user_id = user_id();
+
+    // Log-in
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+
+    // Log-out
+    let response = app.post_logout().await;
+    assert!(response.status().is_success());
+
+    // Try to access identity-restricted route
+    let response = app.get_identity_required().await;
+    assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
+}
+
+#[actix_web::test]
+async fn logout_can_avoid_destroying_the_whole_session() {
+    let app = TestApp::spawn_with_config(
+        IdentityMiddleware::builder().logout_behaviour(LogoutBehaviour::DeleteIdentityKeys),
+    );
+    let user_id = user_id();
+
+    // Log-in
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+    assert_eq!(body.counter, 0);
+
+    // Increment counter
+    let body = app.post_increment().await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+    assert_eq!(body.counter, 1);
+
+    // Log-out
+    let response = app.post_logout().await;
+    assert!(response.status().is_success());
+
+    // Check the state of the counter attached to the session state
+    let body = app.get_current().await;
+    assert_eq!(body.user_id, None);
+    // It would be 0 if the session state had been entirely lost!
+    assert_eq!(body.counter, 1);
+}
+
+#[actix_web::test]
+async fn user_is_logged_out_when_login_deadline_is_elapsed() {
+    let login_deadline = Duration::from_millis(10);
+    let app = TestApp::spawn_with_config(
+        IdentityMiddleware::builder().login_deadline(Some(login_deadline)),
+    );
+    let user_id = user_id();
+
+    // Log-in
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+
+    // Wait for deadline to pass
+    actix_web::rt::time::sleep(login_deadline * 2).await;
+
+    let body = app.get_current().await;
+    // We have been logged out!
+    assert_eq!(body.user_id, None);
+}
+
+#[actix_web::test]
+async fn login_deadline_does_not_log_users_out_before_their_time() {
+    // 1 hour
+    let login_deadline = Duration::from_secs(60 * 60);
+    let app = TestApp::spawn_with_config(
+        IdentityMiddleware::builder().login_deadline(Some(login_deadline)),
+    );
+    let user_id = user_id();
+
+    // Log-in
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+
+    let body = app.get_current().await;
+    assert_eq!(body.user_id, Some(user_id));
+}
+
+#[actix_web::test]
+async fn user_is_logged_out_when_visit_deadline_is_elapsed() {
+    let visit_deadline = Duration::from_millis(10);
+    let app = TestApp::spawn_with_config(
+        IdentityMiddleware::builder().visit_deadline(Some(visit_deadline)),
+    );
+    let user_id = user_id();
+
+    // Log-in
+    let body = app.post_login(user_id.clone()).await;
+    assert_eq!(body.user_id, Some(user_id.clone()));
+
+    // Wait for deadline to pass
+    actix_web::rt::time::sleep(visit_deadline * 2).await;
+
+    let body = app.get_current().await;
+    // We have been logged out!
+    assert_eq!(body.user_id, None);
+}