add SessionTimeout logic

This commit is contained in:
root
2026-03-10 16:45:08 -04:00
parent 2e9a391280
commit 311bb93977
15 changed files with 534 additions and 292 deletions
@@ -0,0 +1,123 @@
<?php
namespace Tests\Feature\Api\V1\Auth;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class SessionTimeoutControllerTest extends TestCase
{
use RefreshDatabase;
public function test_config_returns_timeout_values(): void
{
$user = $this->seedUser();
Sanctum::actingAs($user);
$response = $this->getJson('/api/v1/session/timeout-config');
$response->assertOk();
$response->assertJsonPath('status', true);
$this->assertArrayHasKey('timeout', $response->json('data.config'));
$this->assertArrayHasKey('keep_alive_url', $response->json('data.config'));
}
public function test_check_timeout_returns_active_status(): void
{
$user = $this->seedUser();
Sanctum::actingAs($user);
$response = $this
->withSession(['last_activity' => time() - 10])
->getJson('/api/v1/session/check-timeout');
$response->assertOk();
$response->assertJsonPath('status', true);
$response->assertJsonPath('data.session.status', 'active');
}
public function test_check_timeout_returns_warning_status(): void
{
$user = $this->seedUser();
Sanctum::actingAs($user);
$response = $this
->withSession(['last_activity' => time() - 1000])
->getJson('/api/v1/session/check-timeout');
$response->assertOk();
$response->assertJsonPath('status', true);
$response->assertJsonPath('data.session.status', 'warning');
}
public function test_check_timeout_returns_expired_status(): void
{
$user = $this->seedUser();
Sanctum::actingAs($user);
$response = $this
->withSession(['last_activity' => time() - 5000])
->getJson('/api/v1/session/check-timeout');
$response->assertStatus(401);
$response->assertJsonPath('status', false);
$response->assertJsonPath('errors.status', 'expired');
}
public function test_ping_updates_activity(): void
{
$user = $this->seedUser();
Sanctum::actingAs($user);
$response = $this
->withSession(['last_activity' => time() - 10])
->postJson('/api/v1/session/ping');
$response->assertOk();
$response->assertJsonPath('status', true);
$response->assertJsonPath('data.session.status', 'active');
}
public function test_ping_returns_expired_when_missing_activity(): void
{
$user = $this->seedUser();
Sanctum::actingAs($user);
$response = $this->postJson('/api/v1/session/ping');
$response->assertStatus(401);
$response->assertJsonPath('status', false);
}
public function test_requires_authentication(): void
{
$response = $this->getJson('/api/v1/session/timeout-config');
$response->assertStatus(401);
}
private function seedUser(): User
{
$userId = DB::table('users')->insertGetId([
'firstname' => 'Admin',
'lastname' => 'User',
'cellphone' => '9999999999',
'email' => 'session@example.com',
'address_street' => '123 Street',
'city' => 'City',
'state' => 'ST',
'zip' => '12345',
'accept_school_policy' => 1,
'password' => bcrypt('password'),
'user_type' => 'primary',
'semester' => 'Fall',
'school_year' => '2025-2026',
'status' => 'Active',
]);
return User::query()->findOrFail($userId);
}
}
@@ -0,0 +1,42 @@
<?php
namespace Tests\Unit\Services\Auth;
use App\Services\Auth\SessionActivityService;
use Illuminate\Session\ArraySessionHandler;
use Illuminate\Session\Store;
use Tests\TestCase;
class SessionActivityServiceTest extends TestCase
{
public function test_set_and_get_last_activity(): void
{
$store = $this->makeSessionStore();
$service = new SessionActivityService($store);
$service->setLastActivity(12345);
$this->assertTrue($service->hasLastActivity());
$this->assertSame(12345, $service->getLastActivity());
}
public function test_clear_last_activity(): void
{
$store = $this->makeSessionStore();
$service = new SessionActivityService($store);
$service->setLastActivity(12345);
$service->clearLastActivity();
$this->assertFalse($service->hasLastActivity());
}
private function makeSessionStore(): Store
{
$handler = new ArraySessionHandler(10);
$store = new Store('test', $handler);
$store->start();
return $store;
}
}
@@ -0,0 +1,22 @@
<?php
namespace Tests\Unit\Services\Auth;
use App\Services\Auth\SessionTimeoutConfigService;
use Tests\TestCase;
class SessionTimeoutConfigServiceTest extends TestCase
{
public function test_config_returns_expected_keys(): void
{
$service = new SessionTimeoutConfigService();
$config = $service->config();
$this->assertArrayHasKey('timeout', $config);
$this->assertArrayHasKey('warning_time', $config);
$this->assertArrayHasKey('check_interval', $config);
$this->assertArrayHasKey('logout_url', $config);
$this->assertArrayHasKey('keep_alive_url', $config);
$this->assertArrayHasKey('check_url', $config);
}
}
@@ -0,0 +1,51 @@
<?php
namespace Tests\Unit\Services\Auth;
use App\Config\SessionTimeout;
use App\Services\Auth\SessionActivityService;
use App\Services\Auth\SessionTimeoutService;
use Mockery;
use Tests\TestCase;
class SessionTimeoutServiceTest extends TestCase
{
public function test_check_timeout_returns_expired_when_missing_activity(): void
{
$activity = Mockery::mock(SessionActivityService::class);
$activity->shouldReceive('hasLastActivity')->andReturn(false);
$activity->shouldReceive('clearLastActivity')->once();
$activity->shouldReceive('invalidate')->once();
$service = new SessionTimeoutService($activity);
$result = $service->checkTimeout();
$this->assertSame('expired', $result['status']);
}
public function test_check_timeout_returns_warning(): void
{
$activity = Mockery::mock(SessionActivityService::class);
$activity->shouldReceive('hasLastActivity')->andReturn(true);
$activity->shouldReceive('getLastActivity')->andReturn(time() - (SessionTimeout::WARNING_THRESHOLD + 10));
$service = new SessionTimeoutService($activity);
$result = $service->checkTimeout();
$this->assertSame('warning', $result['status']);
}
public function test_ping_returns_expired_when_timed_out(): void
{
$activity = Mockery::mock(SessionActivityService::class);
$activity->shouldReceive('hasLastActivity')->andReturn(true);
$activity->shouldReceive('getLastActivity')->andReturn(time() - (SessionTimeout::TIMEOUT_DURATION + 10));
$activity->shouldReceive('clearLastActivity')->once();
$activity->shouldReceive('invalidate')->once();
$service = new SessionTimeoutService($activity);
$result = $service->pingActivity();
$this->assertSame('expired', $result['status']);
}
}