# frozen_string_literal: true
require 'spec_helper'
# Feature coverage for the "Active Sessions" page in a user's settings:
# which sessions are listed for the signed-in user, how an admin-mode session
# is labelled, that revoking a session signs the other browser out, and that a
# stored session payload carrying an unexpected key still loads.
RSpec.describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state, feature_category: :user_profile do
  include Spec::Support::Helpers::ModalHelpers

  let(:user) do
    account = create(:user)
    account.current_sign_in_at = Time.current
    account
  end

  let(:admin) do
    create(:admin)
  end

  # Sets the User-Agent request header on the current Capybara session and then
  # signs +account+ in. Request headers can only be set with the non-JS
  # (rack-test) driver, so this is only used from examples without the :js tag.
  def sign_in_with_user_agent(account, user_agent)
    Capybara.page.driver.header('User-Agent', user_agent)
    gitlab_sign_in(account)
  end

  it 'user sees their active sessions' do
    frozen_now = Time.zone.parse('2018-03-12 09:06')

    travel_to(frozen_now) do
      # First device: desktop Firefox. The assertions below are made from this session.
      using_session(:session1) do
        sign_in_with_user_agent(
          user,
          'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0'
        )
      end

      # Second device: the same user on a phone.
      using_session(:session2) do
        sign_in_with_user_agent(
          user,
          'Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12B466 [FBDV/iPhone7,2]'
        )
      end

      # Third session: an admin who impersonates the user.
      using_session(:session3) do
        sign_in_with_user_agent(
          admin,
          'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
        )
        enable_admin_mode!(admin)
        visit admin_user_path(user)
        click_link 'Impersonate'
      end

      using_session(:session1) do
        visit user_settings_active_sessions_path

        # Exactly two entries are expected: the user's own two sign-ins.
        expect(page).to have_selector('ul.list-group li.list-group-item', text: 'Signed in on', count: 2)

        current_session_row =
          '127.0.0.1 ' \
          'This is your current session ' \
          'Firefox on Ubuntu ' \
          'Signed in on 12 Mar 09:06'
        expect(page).to have_content(current_session_row)
        expect(page).to have_selector('[title="Desktop"]', count: 1)

        other_session_row =
          '127.0.0.1 ' \
          'Last accessed on 12 Mar 09:06 ' \
          'Mobile Safari on iOS ' \
          'Signed in on 12 Mar 09:06'
        expect(page).to have_content(other_session_row)
        expect(page).to have_selector('[title="Smartphone"]', count: 1)

        # The admin's impersonation session (Chrome on Windows) must not show up
        # in the list the user sees.
        expect(page).not_to have_content('Chrome on Windows')
      end
    end
  end

  # NOTE(review): the :enable_admin_mode tag presumably switches admin mode on
  # for the admin signing in here; it is the only difference from the next example.
  it 'admin sees if the session is with admin mode', :enable_admin_mode do
    using_session(:admin_session) do
      gitlab_sign_in(admin)
      visit user_settings_active_sessions_path

      expect(page).to have_content('with Admin Mode')
    end
  end

  it 'does not display admin mode text in case its not' do
    using_session(:admin_session) do
      gitlab_sign_in(admin)
      visit user_settings_active_sessions_path

      expect(page).not_to have_content('with Admin Mode')
    end
  end

  it 'user can revoke a session', :js do
    # A second browser signed in as the same user; this is the session that gets revoked.
    using_session(:session2) do
      gitlab_sign_in(user)
    end

    using_session(:session1) do
      gitlab_sign_in(user)
      visit user_settings_active_sessions_path

      # Only one Revoke link is expected while two sessions exist.
      expect(page).to have_link('Revoke', count: 1)

      accept_gl_confirm(button_text: 'Revoke') { click_on 'Revoke' }

      expect(page).not_to have_link('Revoke')
    end

    # Revocation has to take effect for the other browser, not only in the list:
    # its next request must land on the sign-in prompt.
    using_session(:session2) do
      visit user_settings_active_sessions_path

      expect(page).to have_content('You need to sign in or sign up before continuing.')
    end
  end

  # NOTE(review): this example asserts the five known attributes and that loading
  # does not raise; it does not itself check that "new_attribute" was discarded.
  it 'load_raw_session does load known attributes only' do
    raw_payload =
      'v2:{"ip_address": "127.0.0.1", "browser": "Firefox", "os": "Debian",' \
      '"device_type": "desktop", "session_id": "8f62cc7383c",' \
      '"new_attribute": "unknown attribute"}'

    # `send` is used so the call works regardless of the method's visibility.
    new_session = ActiveSession.send(:load_raw_session, raw_payload)

    expect(new_session).to have_attributes(
      ip_address: "127.0.0.1",
      browser: "Firefox",
      os: "Debian",
      device_type: "desktop",
      session_id: "8f62cc7383c"
    )
  end
end