/**
 * Checks that the token handed to the serializer uses the session timeout configured in
 * {@code sonar.web.sessionTimeoutInMinutes}.
 */
@Test
public void generate_token_is_using_session_timeout_from_settings() {
  int configuredTimeoutInMinutes = 10;
  settings.setProperty("sonar.web.sessionTimeoutInMinutes", configuredTimeoutInMinutes);
  UserDto user = db.users().insertUser();
  underTest = new JwtHttpHandler(
    system2, dbClient, settings.asConfig(), jwtSerializer, jwtCsrfVerifier);

  underTest.generateToken(user, request, response);

  verify(jwtSerializer).encode(jwtArgumentCaptor.capture());
  // Minutes are multiplied by 60 before the comparison, presumably because the token
  // expresses its lifetime in seconds (verifyToken is defined outside this view).
  int expectedTimeout = configuredTimeoutInMinutes * 60;
  verifyToken(jwtArgumentCaptor.getValue(), user, expectedTimeout, NOW);
}
/**
 * Checks that the session timeout is read when the handler is constructed: changing the
 * property afterwards does not affect tokens generated by the existing handler.
 *
 * <p>NOTE(review): as a consequence, a shortened timeout only applies to handlers created
 * after the change.
 */
@Test
public void session_timeout_property_cannot_be_updated() {
  UserDto user = db.users().insertUser();
  int initialTimeoutInMinutes = 10;
  settings.setProperty("sonar.web.sessionTimeoutInMinutes", initialTimeoutInMinutes);
  underTest = new JwtHttpHandler(
    system2, dbClient, settings.asConfig(), jwtSerializer, jwtCsrfVerifier);

  underTest.generateToken(user, request, response);
  // The property is updated, but the existing handler must not take the new value into account.
  settings.setProperty("sonar.web.sessionTimeoutInMinutes", 15);
  underTest.generateToken(user, request, response);

  verify(jwtSerializer, times(2)).encode(jwtArgumentCaptor.capture());
  // Both captured tokens must still carry the timeout configured before construction.
  int expectedTimeout = initialTimeoutInMinutes * 60;
  for (int tokenIndex = 0; tokenIndex < 2; tokenIndex++) {
    verifyToken(jwtArgumentCaptor.getAllValues().get(tokenIndex), user, expectedTimeout, NOW);
  }
}
/**
 * Checks that constructing the handler is rejected when the session timeout is zero.
 */
@Test
public void session_timeout_property_cannot_be_zero() {
  int zeroTimeoutInMinutes = 0;
  settings.setProperty("sonar.web.sessionTimeoutInMinutes", zeroTimeoutInMinutes);

  // The expectation is registered before the constructor call that is expected to throw.
  expectedException.expect(IllegalArgumentException.class);
  expectedException.expectMessage(
    "Property sonar.web.sessionTimeoutInMinutes must be strictly positive. Got 0");

  new JwtHttpHandler(
    system2, dbClient, settings.asConfig(), jwtSerializer, jwtCsrfVerifier);
}
/**
 * Checks that constructing the handler is rejected when the session timeout is negative.
 */
@Test
public void session_timeout_property_cannot_be_negative() {
  int negativeTimeoutInMinutes = -10;
  settings.setProperty("sonar.web.sessionTimeoutInMinutes", negativeTimeoutInMinutes);

  // The expectation is registered before the constructor call that is expected to throw.
  expectedException.expect(IllegalArgumentException.class);
  expectedException.expectMessage(
    "Property sonar.web.sessionTimeoutInMinutes must be strictly positive. Got -10");

  new JwtHttpHandler(
    system2, dbClient, settings.asConfig(), jwtSerializer, jwtCsrfVerifier);
}
/**
 * Checks that constructing the handler is rejected when the session timeout exceeds the
 * three-month ceiling (129600 minutes, per the expected message).
 *
 * <p>An upper bound on the timeout limits how long a leaked session token stays usable.
 */
@Test
public void session_timeout_property_cannot_be_greater_than_three_months() {
  // Four 30-day months in minutes (172800), which is above the 129600-minute limit.
  int fourMonthsInMinutes = 4 * 30 * 24 * 60;
  settings.setProperty("sonar.web.sessionTimeoutInMinutes", fourMonthsInMinutes);

  // The expectation is registered before the constructor call that is expected to throw.
  expectedException.expect(IllegalArgumentException.class);
  expectedException.expectMessage(
    "Property sonar.web.sessionTimeoutInMinutes must not be greater than 3 months (129600 minutes). Got 172800 minutes");

  new JwtHttpHandler(
    system2, dbClient, settings.asConfig(), jwtSerializer, jwtCsrfVerifier);
}