/api/administrator/session (GET)
Account information like email addresses is generated with faker-js it is not real user information.
await global.api.administrator.Session.get(req)Returns object
{
"sessionid": "sess_ea09c249282418f4",
"object": "session",
"appid": "tests_1656038571",
"accountid": "acct_37c5ceab5eb51011",
"duration": 1200,
"csrfToken": "3763b3215c719499ee35699462d5d87c1a3f44eaf40e3b0f9e00cf958a52f2f1c7a74f7b874b87048f6554480a192c2877c1f365a98ee8969564ddcee3a915e9",
"expiresAt": "2022-06-24T03:02:51.000Z",
"lastVerifiedAt": "2022-06-24T02:42:51.000Z",
"ended": false,
"createdAt": "2022-06-24T02:42:51.155Z",
"updatedAt": "2022-06-24T02:42:51.155Z"
}Exceptions
These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:
| Exception | Circumstances |
|---|---|
| invalid-sessionid | unspecified querystring accountid |
| invalid querystring sessionid |
NodeJS source (view on github)
const dashboard = require('../../../../index.js')
module.exports = {
get: async (req) => {
if (!req.query || !req.query.sessionid) {
throw new Error('invalid-sessionid')
}
let session = await dashboard.StorageCache.get(req.query.sessionid)
if (!session) {
let sessionInfo
try {
sessionInfo = await dashboard.Storage.Session.findOne({
where: {
sessionid: req.query.sessionid,
appid: req.appid || global.appid
}
})
} catch (error) {
}
if (!sessionInfo) {
throw new Error('invalid-sessionid')
}
session = {}
for (const field of sessionInfo._options.attributes) {
session[field] = sessionInfo.get(field)
}
await dashboard.StorageCache.set(req.query.sessionid, session)
}
delete (session.tokenHash)
if (!session.ended) {
const query = req.query
req.query.accountid = session.accountid
const account = await global.api.administrator.Account.get(req)
req.query = query
if (session.sessionKeyNumber < account.sessionKeyNumber) {
session.ended = account.sessionKeyLastResetAt
} else if (new Date(session.expiresAt).getTime() <= new Date().getTime()) {
session.ended = session.expiresAt
}
}
return session
}
}
Test source (view on github)
/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')
describe('/api/administrator/session', () => {
describe('exceptions', () => {
describe('invalid-sessionid', () => {
it('unspecified querystring accountid', async () => {
const administrator = await TestHelper.createOwner()
const req = TestHelper.createRequest('/api/administrator/session')
req.account = administrator.account
req.session = administrator.session
let errorMessage
try {
await req.get()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-sessionid')
})
it('invalid querystring sessionid', async () => {
const administrator = await TestHelper.createOwner()
const req = TestHelper.createRequest('/api/administrator/session?sessionid=invalid')
req.account = administrator.account
req.session = administrator.session
let errorMessage
try {
await req.get()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-sessionid')
})
})
})
describe('returns', () => {
it('object', async () => {
const administrator = await TestHelper.createOwner()
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/administrator/session?sessionid=${user.session.sessionid}`)
req.account = administrator.account
req.session = administrator.session
req.filename = __filename
req.saveResponse = true
const session = await req.get()
assert.strictEqual(session.sessionid, user.session.sessionid)
assert.strictEqual(session.accountid, user.session.accountid)
})
})
describe('redacts', () => {
it('tokenHash', async () => {
const administrator = await TestHelper.createOwner()
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/administrator/session?sessionid=${user.session.sessionid}`)
req.account = administrator.account
req.session = administrator.session
const session = await req.get()
assert.strictEqual(session.tokenHash, undefined)
})
})
})