From d219d9965d8dcaec00fb81296adcc16657619c29 Mon Sep 17 00:00:00 2001 From: rcourtman Date: Tue, 2 Dec 2025 13:22:45 +0000 Subject: [PATCH] test: Add ValidateSession tests for API package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add comprehensive tests for the ValidateSession wrapper function covering: - Non-existent token (returns false) - Empty token (returns false) - Valid token (returns true) - Expired token (returns false) The ValidateSession function is a simple wrapper around the SessionStore's ValidateSession method, but having direct tests ensures the wrapper is exercised and documents its expected behavior. Coverage: ValidateSession 0% → 100% --- internal/api/auth_helpers_test.go | 60 +++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/internal/api/auth_helpers_test.go b/internal/api/auth_helpers_test.go index 69bdfc2..be880b2 100644 --- a/internal/api/auth_helpers_test.go +++ b/internal/api/auth_helpers_test.go @@ -5,6 +5,7 @@ import ( "net/http" "net/http/httptest" "testing" + "time" ) func TestDetectProxy(t *testing.T) { @@ -314,3 +315,62 @@ func TestGenerateSessionToken(t *testing.T) { } } } + +func TestValidateSession_NonExistentToken(t *testing.T) { + // Ensure session store is initialized + InitSessionStore(t.TempDir()) + + // A random token that doesn't exist should return false + result := ValidateSession("nonexistent-token-12345") + if result { + t.Error("ValidateSession should return false for non-existent token") + } +} + +func TestValidateSession_EmptyToken(t *testing.T) { + InitSessionStore(t.TempDir()) + + result := ValidateSession("") + if result { + t.Error("ValidateSession should return false for empty token") + } +} + +func TestValidateSession_ValidToken(t *testing.T) { + dir := t.TempDir() + InitSessionStore(dir) + + // Create a valid session with a generated token + store := GetSessionStore() + token := generateSessionToken() + store.CreateSession(token, 24*time.Hour, "test-agent", "127.0.0.1") + + result := ValidateSession(token) + if !result { + t.Error("ValidateSession should return true for valid token") + } +} + +func TestValidateSession_ExpiredToken(t *testing.T) { + dir := t.TempDir() + InitSessionStore(dir) + + // Create a session and manually expire it + store := GetSessionStore() + token := generateSessionToken() + store.CreateSession(token, 24*time.Hour, "test-agent", "127.0.0.1") + + // Manually expire the session by modifying the store + store.mu.Lock() + hash := sessionHash(token) + if session, exists := store.sessions[hash]; exists { + session.ExpiresAt = time.Now().Add(-1 * time.Hour) // Set to past + store.sessions[hash] = session + } + store.mu.Unlock() + + result := ValidateSession(token) + if result { + t.Error("ValidateSession should return false for expired token") + } +}