From 22d1b3c31ebe82fc82ac3c8be427939a70a5a789 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 25 Dec 2023 21:00:51 +0800 Subject: [PATCH 1/6] Fix session key conflict with database keyword --- models/auth/session.go | 17 ++++++++++------- models/auth/session_test.go | 30 ++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 7 deletions(-) create mode 100644 models/auth/session_test.go diff --git a/models/auth/session.go b/models/auth/session.go index 60fdeaba7c203..75a205f702b56 100644 --- a/models/auth/session.go +++ b/models/auth/session.go @@ -41,12 +41,15 @@ func ReadSession(ctx context.Context, key string) (*Session, error) { } defer committer.Close() - session, exist, err := db.Get[Session](ctx, builder.Eq{"key": key}) + session, exist, err := db.Get[Session](ctx, builder.Eq{"`key`": key}) if err != nil { return nil, err } else if !exist { - session.Expiry = timeutil.TimeStampNow() - if err := db.Insert(ctx, &session); err != nil { + session = &Session{ + Key: key, + Expiry: timeutil.TimeStampNow(), + } + if err := db.Insert(ctx, session); err != nil { return nil, err } } @@ -56,7 +59,7 @@ func ReadSession(ctx context.Context, key string) (*Session, error) { // ExistSession checks if a session exists func ExistSession(ctx context.Context, key string) (bool, error) { - return db.Exist[Session](ctx, builder.Eq{"key": key}) + return db.Exist[Session](ctx, builder.Eq{"`key`": key}) } // DestroySession destroys a session @@ -75,13 +78,13 @@ func RegenerateSession(ctx context.Context, oldKey, newKey string) (*Session, er } defer committer.Close() - if has, err := db.Exist[Session](ctx, builder.Eq{"key": newKey}); err != nil { + if has, err := db.Exist[Session](ctx, builder.Eq{"`key`": newKey}); err != nil { return nil, err } else if has { return nil, fmt.Errorf("session Key: %s already exists", newKey) } - if has, err := db.Exist[Session](ctx, builder.Eq{"key": oldKey}); err != nil { + if has, err := db.Exist[Session](ctx, builder.Eq{"`key`": oldKey}); err != nil { return nil, err } else if !has { if err := db.Insert(ctx, &Session{ @@ -96,7 +99,7 @@ func RegenerateSession(ctx context.Context, oldKey, newKey string) (*Session, er return nil, err } - s, _, err := db.Get[Session](ctx, builder.Eq{"key": newKey}) + s, _, err := db.Get[Session](ctx, builder.Eq{"`key`": newKey}) if err != nil { // is not exist, it should be impossible return nil, err diff --git a/models/auth/session_test.go b/models/auth/session_test.go new file mode 100644 index 0000000000000..a7b8bc55b8846 --- /dev/null +++ b/models/auth/session_test.go @@ -0,0 +1,30 @@ +// Copyright 2019 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package auth_test + +import ( + "testing" + + "code.gitea.io/gitea/models/auth" + "code.gitea.io/gitea/models/db" + "code.gitea.io/gitea/models/unittest" + + "github.com/stretchr/testify/assert" +) + +func Test_RegenerateSession(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + exist, err := auth.ExistSession(db.DefaultContext, "new_key") + assert.NoError(t, err) + assert.False(t, exist) + + sess, err := auth.RegenerateSession(db.DefaultContext, "", "new_key") + assert.NoError(t, err) + assert.EqualValues(t, "new_key", sess.Key) + + sess, err = auth.ReadSession(db.DefaultContext, "new_key2") + assert.NoError(t, err) + assert.EqualValues(t, "new_key2", sess.Key) +} From e6f5174dcf914478a96bb494afb786723d8c7c49 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 25 Dec 2023 21:17:46 +0800 Subject: [PATCH 2/6] Move test to integration so that every database will run it --- {models/auth => tests/integration}/session_test.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) rename {models/auth => tests/integration}/session_test.go (82%) diff --git a/models/auth/session_test.go b/tests/integration/session_test.go similarity index 82% rename from models/auth/session_test.go rename to tests/integration/session_test.go index a7b8bc55b8846..aa9f5033d8ea0 100644 --- a/models/auth/session_test.go +++ b/tests/integration/session_test.go @@ -1,7 +1,7 @@ -// Copyright 2019 The Gitea Authors. All rights reserved. +// Copyright 2023 The Gitea Authors. All rights reserved. // SPDX-License-Identifier: MIT -package auth_test +package integration import ( "testing" @@ -9,11 +9,14 @@ import ( "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/unittest" + "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" ) func Test_RegenerateSession(t *testing.T) { + defer tests.PrepareTestEnv(t)() + assert.NoError(t, unittest.PrepareTestDatabase()) exist, err := auth.ExistSession(db.DefaultContext, "new_key") From 2713fe282a38817f6f21098b7314a90e1fa746b4 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Tue, 26 Dec 2023 13:54:38 +0800 Subject: [PATCH 3/6] Fix test --- tests/integration/session_test.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/integration/session_test.go b/tests/integration/session_test.go index aa9f5033d8ea0..fd650dd6c1c6a 100644 --- a/tests/integration/session_test.go +++ b/tests/integration/session_test.go @@ -19,15 +19,17 @@ func Test_RegenerateSession(t *testing.T) { assert.NoError(t, unittest.PrepareTestDatabase()) - exist, err := auth.ExistSession(db.DefaultContext, "new_key") + key := "new_key890123456" // it must be 16 characters long + key2 := "new_key890123457" // it must be 16 characters + exist, err := auth.ExistSession(db.DefaultContext, key) assert.NoError(t, err) assert.False(t, exist) - sess, err := auth.RegenerateSession(db.DefaultContext, "", "new_key") + sess, err := auth.RegenerateSession(db.DefaultContext, "", key) assert.NoError(t, err) - assert.EqualValues(t, "new_key", sess.Key) + assert.EqualValues(t, key, sess.Key) - sess, err = auth.ReadSession(db.DefaultContext, "new_key2") + sess, err = auth.ReadSession(db.DefaultContext, key2) assert.NoError(t, err) - assert.EqualValues(t, "new_key2", sess.Key) + assert.EqualValues(t, key2, sess.Key) } From 230715849a6e025556155e35b368569fe92d5058 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Tue, 26 Dec 2023 13:55:36 +0800 Subject: [PATCH 4/6] Add more assertions --- tests/integration/session_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/session_test.go b/tests/integration/session_test.go index fd650dd6c1c6a..646c024ded06c 100644 --- a/tests/integration/session_test.go +++ b/tests/integration/session_test.go @@ -28,8 +28,10 @@ func Test_RegenerateSession(t *testing.T) { sess, err := auth.RegenerateSession(db.DefaultContext, "", key) assert.NoError(t, err) assert.EqualValues(t, key, sess.Key) + assert.EqualValues(t, nil, sess.Data) sess, err = auth.ReadSession(db.DefaultContext, key2) assert.NoError(t, err) assert.EqualValues(t, key2, sess.Key) + assert.EqualValues(t, nil, sess.Data) } From a9aa699b43708f1f48796f6ba7132cb8a5a4880a Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Tue, 26 Dec 2023 14:59:46 +0800 Subject: [PATCH 5/6] fix test --- tests/integration/session_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/session_test.go b/tests/integration/session_test.go index 646c024ded06c..28b485742b0ff 100644 --- a/tests/integration/session_test.go +++ b/tests/integration/session_test.go @@ -28,10 +28,10 @@ func Test_RegenerateSession(t *testing.T) { sess, err := auth.RegenerateSession(db.DefaultContext, "", key) assert.NoError(t, err) assert.EqualValues(t, key, sess.Key) - assert.EqualValues(t, nil, sess.Data) + assert.EqualValues(t, []byte(nil), sess.Data) sess, err = auth.ReadSession(db.DefaultContext, key2) assert.NoError(t, err) assert.EqualValues(t, key2, sess.Key) - assert.EqualValues(t, nil, sess.Data) + assert.EqualValues(t, []byte(nil), sess.Data) } From 14a90adcf62a7b886ec004b5b551fca5f52ea543 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Tue, 26 Dec 2023 19:14:22 +0800 Subject: [PATCH 6/6] Fix test --- tests/integration/session_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/session_test.go b/tests/integration/session_test.go index 28b485742b0ff..d47148efa23a8 100644 --- a/tests/integration/session_test.go +++ b/tests/integration/session_test.go @@ -28,10 +28,10 @@ func Test_RegenerateSession(t *testing.T) { sess, err := auth.RegenerateSession(db.DefaultContext, "", key) assert.NoError(t, err) assert.EqualValues(t, key, sess.Key) - assert.EqualValues(t, []byte(nil), sess.Data) + assert.Len(t, sess.Data, 0) sess, err = auth.ReadSession(db.DefaultContext, key2) assert.NoError(t, err) assert.EqualValues(t, key2, sess.Key) - assert.EqualValues(t, []byte(nil), sess.Data) + assert.Len(t, sess.Data, 0) }