0.8/docs/sessions_8cpp_source.html

/*

 * Copyright (C) 2019-2021 Tobias Flaig.

 *

 * This file is part of nawa.

 *

 * nawa is free software: you can redistribute it and/or modify

 * it under the terms of the GNU Lesser General Public License,

 * version 3, as published by the Free Software Foundation.

 *

 * nawa is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public License

 * along with nawa.  If not, see <https://www.gnu.org/licenses/>.

 */


#include <catch2/catch.hpp>

#include <nawa/Exception.h>

#include <nawa/connection/Connection.h>

#include <nawa/connection/ConnectionInitContainer.h>

#include <nawa/session/Session.h>


using namespace nawa;

using namespace std;


TEST_CASE("nawa::Session class", "[unit][session]") {

    ConnectionInitContainer connectionInit;

    connectionInit.requestInit.environment["REMOTE_ADDR"] = "1.2.3.4";


    SECTION("Basic session handling") {

        string sessionId;

        {

            Connection connection(connectionInit);

            auto& session = connection.session();

            session.start();

            CHECK_NOTHROW(session.set("testKey", "testVal"));

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

            sessionId = session.getID();

        }

        {

            ConnectionInitContainer connectionInit1 = connectionInit;

            connectionInit1.requestInit.cookieVars.insert({"SESSION", sessionId});

            Connection connection(connectionInit1);

            auto& session = connection.session();

            session.start();

            REQUIRE(session.getID() == sessionId);

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

        }

    }


    SECTION("Session autostart") {

        ConnectionInitContainer connectionInit1 = connectionInit;

        connectionInit1.config.set({"session", "autostart"}, "on");

        string sessionId;

        {

            Connection connection(connectionInit1);

            auto& session = connection.session();

            CHECK_NOTHROW(session.set("testKey", "testVal"));

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

            sessionId = session.getID();

        }

        {

            connectionInit1.requestInit.cookieVars.insert({"SESSION", sessionId});

            Connection connection(connectionInit1);

            auto& session = connection.session();

            REQUIRE(session.getID() == sessionId);

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

        }

    }


    SECTION("Attempt to access and modify inactive session") {

        Connection connection(connectionInit);

        auto& session = connection.session();

        CHECK_THROWS_AS(session.set("testKey", "testVal"), Exception);

        CHECK_THROWS_AS(session.unset("testKey"), Exception);

        CHECK_NOTHROW(session["testKey"]);

    }


    SECTION("Invalidation of sessions") {

        Connection connection(connectionInit);

        auto& session = connection.session();

        session.start();

        CHECK_NOTHROW(session.set("testKey", "testVal"));

        session.invalidate();

        CHECK_THROWS_AS(session.set("testKey", "testVal"), Exception);

    }


    SECTION("Client IP check: same IP") {

        ConnectionInitContainer connectionInit1 = connectionInit;

        string clientIPCheckMode = GENERATE("lax", "strict");

        connectionInit1.config.set({"session", "validate_ip"}, clientIPCheckMode);

        string sessionId;

        {

            Connection connection(connectionInit1);

            auto& session = connection.session();

            session.start();

            CHECK_NOTHROW(session.set("testKey", "testVal"));

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

            sessionId = session.getID();

        }

        {

            connectionInit1.requestInit.cookieVars.insert({"SESSION", sessionId});

            Connection connection(connectionInit1);

            auto& session = connection.session();

            session.start();

            REQUIRE(session.getID() == sessionId);

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

        }

    }


    SECTION("Client IP check: different IP (lax)") {

        ConnectionInitContainer connectionInit1 = connectionInit;

        connectionInit1.config.set({"session", "validate_ip"}, "lax");

        string sessionId;

        {

            Connection connection(connectionInit1);

            auto& session = connection.session();

            session.start();

            CHECK_NOTHROW(session.set("testKey", "testVal"));

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

            sessionId = session.getID();

        }

        {

            ConnectionInitContainer connectionInit2 = connectionInit1;

            connectionInit2.requestInit.cookieVars.insert({"SESSION", sessionId});

            connectionInit2.requestInit.environment["REMOTE_ADDR"] = "1.2.3.5";

            Connection connection(connectionInit2);

            auto& session = connection.session();

            session.start();

            CHECK_FALSE(session.getID() == sessionId);

            CHECK_FALSE(session.isSet("testKey"));

        }

        {

            connectionInit1.requestInit.cookieVars.insert({"SESSION", sessionId});

            Connection connection(connectionInit1);

            auto& session = connection.session();

            session.start();

            REQUIRE(session.getID() == sessionId);

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

        }

    }


    SECTION("Client IP check: different IP (strict)") {

        ConnectionInitContainer connectionInit1 = connectionInit;

        connectionInit1.config.set({"session", "validate_ip"}, "strict");

        string sessionId;

        {

            Connection connection(connectionInit1);

            auto& session = connection.session();

            session.start();

            CHECK_NOTHROW(session.set("testKey", "testVal"));

            CHECK(any_cast<string>(session["testKey"]) == "testVal");

            sessionId = session.getID();

        }

        {

            ConnectionInitContainer connectionInit2 = connectionInit1;

            connectionInit2.requestInit.cookieVars.insert({"SESSION", sessionId});

            connectionInit2.requestInit.environment["REMOTE_ADDR"] = "1.2.3.5";

            Connection connection(connectionInit2);

            auto& session = connection.session();

            session.start();

            CHECK_FALSE(session.getID() == sessionId);

            CHECK_FALSE(session.isSet("testKey"));

        }

        {

            connectionInit1.requestInit.cookieVars.insert({"SESSION", sessionId});

            Connection connection(connectionInit1);

            auto& session = connection.session();

            session.start();

            CHECK_FALSE(session.getID() == sessionId);

            CHECK_FALSE(session.isSet("testKey"));

        }

    }

}

Connection.h
Response object to be passed back to NAWA and accessor to the request.

Exception.h
Exception class that can be used by apps to catch errors resulting from nawa function calls.

Session.h
Class for managing sessions and getting and setting connection-independent session data.

nawa::Connection
Definition: Connection.h:41

nawa::Connection::session
nawa::Session & session() noexcept
Definition: Connection.cpp:348

nawa::Exception
Definition: Exception.h:35

nawa::Session::start
void start(nawa::Cookie properties=Cookie())
Definition: Session.cpp:126

nawa
Definition: AppInit.h:31

TEST_CASE
TEST_CASE("nawa::Session class", "[unit][session]")
Definition: sessions.cpp:33