fix: active attribute based off IsActive checks (#2901)

ory · Nov 18, 2022 · bcbf68e · bcbf68e
1 parent 2d46209
commit bcbf68e
Show file tree

Hide file tree

Showing 7 changed files with 62 additions and 5 deletions.
diff --git a/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json
@@ -1,7 +1,7 @@
 {
   "id": "7458af86-c1d8-401c-978a-8da89133f78b",
   "active": true,
-  "expires_at": "2013-10-07T08:23:19Z",
+  "expires_at": "2080-10-07T08:23:19Z",
   "authenticated_at": "2013-10-07T08:23:19Z",
   "authenticator_assurance_level": "aal2",
   "authentication_methods": [

diff --git a/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json b/persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json
@@ -1,6 +1,6 @@
 {
   "id": "7458af86-c1d8-401c-978a-8da89133f98b",
-  "active": true,
+  "active": false,
   "expires_at": "2013-10-07T08:23:19Z",
   "authenticated_at": "2013-10-07T08:23:19Z",
   "authenticator_assurance_level": "aal2",

diff --git a/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json b/persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json
@@ -1,6 +1,6 @@
 {
   "id": "dcde5aaa-f789-4d3d-ae1f-76da8d57e67c",
-  "active": true,
+  "active": false,
   "expires_at": "2013-10-07T08:23:19Z",
   "authenticated_at": "2013-10-07T08:23:19Z",
   "authenticator_assurance_level": "aal1",

diff --git a/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json b/persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json
@@ -1,6 +1,6 @@
 {
   "id": "f38cdebe-e567-42c9-a562-1bd4dee40998",
-  "active": true,
+  "active": false,
   "expires_at": "2013-10-07T08:23:19Z",
   "authenticated_at": "2013-10-07T08:23:19Z",
   "authenticator_assurance_level": "aal1",

diff --git a/persistence/sql/migratest/testdata/20210810153530_testdata.sql b/persistence/sql/migratest/testdata/20210810153530_testdata.sql
@@ -1,7 +1,7 @@
 INSERT INTO sessions (id, nid, issued_at, expires_at, authenticated_at, created_at, updated_at, token, identity_id,
                       active, logout_token, aal, authentication_methods)
 VALUES ('7458af86-c1d8-401c-978a-8da89133f78b', '884f556e-eb3a-4b9f-bee3-11345642c6c0', '2013-10-07 08:23:19',
-        '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19',
+        '2080-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19',
         'eVwBt7UAAAAVwBt7UWPw', '5ff66179-c240-4703-b0d8-494592cefff5', true, '123eVwBt7UAAAeVwBt7UWPw', 'aal2',
         '[{"method":"password"},{"method":"totp"}]');
 

diff --git a/session/handler_test.go b/session/handler_test.go
@@ -649,6 +649,52 @@ func TestHandlerAdminSessionManagement(t *testing.T) {
 		})
 	})
 
+	t.Run("case=session status should be false for inactive identity", func(t *testing.T) {
+		client := testhelpers.NewClientWithCookies(t)
+		var s *Session
+		require.NoError(t, faker.FakeData(&s))
+		s.Active = true
+		s.Identity.State = identity.StateInactive
+		require.NoError(t, reg.Persister().CreateIdentity(ctx, s.Identity))
+
+		assert.Equal(t, uuid.Nil, s.ID)
+		require.NoError(t, reg.SessionPersister().UpsertSession(ctx, s))
+		assert.NotEqual(t, uuid.Nil, s.ID)
+		assert.NotEqual(t, uuid.Nil, s.Identity.ID)
+
+		req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/"+s.ID.String()+"?expand=Identity", nil)
+		res, err := client.Do(req)
+		require.NoError(t, err)
+		assert.Equal(t, http.StatusOK, res.StatusCode)
+
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, err)
+		assert.Equal(t, "false", gjson.GetBytes(body, "active").String(), "%s", body)
+	})
+
+	t.Run("case=session status should be false when session expiry is past", func(t *testing.T) {
+		client := testhelpers.NewClientWithCookies(t)
+		var s *Session
+		require.NoError(t, faker.FakeData(&s))
+		s.Active = true
+		s.ExpiresAt = time.Now().Add(-time.Hour * 1)
+		require.NoError(t, reg.Persister().CreateIdentity(ctx, s.Identity))
+
+		assert.Equal(t, uuid.Nil, s.ID)
+		require.NoError(t, reg.SessionPersister().UpsertSession(ctx, s))
+		assert.NotEqual(t, uuid.Nil, s.ID)
+		assert.NotEqual(t, uuid.Nil, s.Identity.ID)
+
+		req, _ := http.NewRequest("GET", ts.URL+"/admin/sessions/"+s.ID.String(), nil)
+		res, err := client.Do(req)
+		require.NoError(t, err)
+		assert.Equal(t, http.StatusOK, res.StatusCode)
+
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, err)
+		assert.Equal(t, "false", gjson.GetBytes(body, "active").String(), "%s", body)
+	})
+
 	t.Run("case=should return 400 when bad UUID is sent", func(t *testing.T) {
 		client := testhelpers.NewClientWithCookies(t)
 

diff --git a/session/session.go b/session/session.go
@@ -148,6 +148,17 @@ func (s Session) TableName(ctx context.Context) string {
 	return "sessions"
 }
 
+func (s Session) MarshalJSON() ([]byte, error) {
+	type sl Session
+	s.Active = s.IsActive()
+
+	result, err := json.Marshal(sl(s))
+	if err != nil {
+		return nil, err
+	}
+	return result, nil
+}
+
 func (s *Session) CompletedLoginFor(method identity.CredentialsType, aal identity.AuthenticatorAssuranceLevel) {
 	s.AMR = append(s.AMR, AuthenticationMethod{Method: method, AAL: aal, CompletedAt: time.Now().UTC()})
 }