Dashboard API explorer

/api/user/session (GET)

Account information such as email addresses is generated with faker-js; it is not real user information.

await global.api.user.Session.get(req)

Returns object

{
  "sessionid": "sess_3ad168b356171508",
  "object": "session",
  "appid": "tests_1656038580",
  "accountid": "acct_098a2661cabcd4eb",
  "duration": 1200,
  "csrfToken": "ba1db24c226c481b01856bf2d926889c3c1622d320d8efe5ff957ad62f696c74e009f7c7f72a6e924e40ace41dc56f7d7aec3f80a6d1d841bc723805a5975a47",
  "expiresAt": "2022-06-24T03:03:00.000Z",
  "lastVerifiedAt": "2022-06-24T02:43:00.000Z",
  "ended": false,
  "createdAt": "2022-06-24T02:43:00.104Z",
  "updatedAt": "2022-06-24T02:43:00.104Z"
}

Exceptions

These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:

Exception | Circumstances
invalid-account | ineligible querystring sessionid
invalid-sessionid | missing querystring sessionid
invalid-sessionid | invalid querystring sessionid

NodeJS source (view on github)

const dashboard = require('../../../../index.js')

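module.exports = {
  /**
   * Returns the session named by `req.query.sessionid` if it belongs to the
   * account attached to the request.
   *
   * The session is read from `dashboard.StorageCache` first and from
   * `dashboard.Storage.Session` on a cache miss, after which it is cached
   * under its sessionid. `tokenHash` is removed from the returned object, and
   * `ended` is filled in when the session predates the account's current
   * `sessionKeyNumber` or its `expiresAt` has passed.
   *
   * @param {object} req - request carrying `query.sessionid`, `account` and
   *   optionally `appid`
   * @returns {Promise<object>} the session without `tokenHash`
   * @throws {Error} `invalid-sessionid` when the sessionid is missing, is not
   *   a string, or matches no session for this app
   * @throws {Error} `invalid-account` when the session belongs to another
   *   account or the request has no account
   */
  get: async (req) => {
    // The sessionid comes straight from the querystring and is used as a
    // cache key and as an ORM filter value, so only a non-empty string is
    // accepted; arrays or objects produced by a querystring parser are
    // rejected before they reach storage.
    if (!req.query || typeof req.query.sessionid !== 'string' || !req.query.sessionid.length) {
      throw new Error('invalid-sessionid')
    }
    const sessionid = req.query.sessionid
    let session = await dashboard.StorageCache.get(sessionid)
    if (!session) {
      let sessionInfo
      try {
        sessionInfo = await dashboard.Storage.Session.findOne({
          where: {
            sessionid,
            appid: req.appid || global.appid
          }
        })
      } catch (error) {
        // A storage failure is deliberately reported to the caller as
        // 'invalid-sessionid' below, so no storage detail reaches the client.
        // NOTE(review): the error is otherwise dropped; consider recording it
        // so outages are distinguishable from bad ids in operations.
      }
      if (!sessionInfo) {
        throw new Error('invalid-sessionid')
      }
      session = {}
      for (const field of sessionInfo._options.attributes) {
        session[field] = sessionInfo.get(field)
      }
      // NOTE(review): the cached copy still contains tokenHash; redaction
      // happens only on the object returned from this endpoint.
      await dashboard.StorageCache.set(sessionid, session)
    }
    // Ownership check, failing closed: a request without an account, or with
    // an account lacking an accountid, can never match a session.
    if (!req.account || !req.account.accountid || session.accountid !== req.account.accountid) {
      throw new Error('invalid-account')
    }
    // Work on a copy so the redaction and the derived `ended` value below
    // never alter an object the cache may still be holding a reference to.
    const result = Object.assign({}, session)
    delete result.tokenHash
    if (!result.ended) {
      if (result.sessionKeyNumber < req.account.sessionKeyNumber) {
        // The account's session key was reset after this session was issued.
        result.ended = req.account.sessionKeyLastResetAt
      } else if (new Date(result.expiresAt).getTime() <= new Date().getTime()) {
        result.ended = result.expiresAt
      }
    }
    return result
  }
}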

Test source (view on github)

/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')

describe('/api/user/session', () => {
  // Creates a request for `url` and attaches the user's account and session.
  const requestFor = (user, url) => {
    const req = TestHelper.createRequest(url)
    req.account = user.account
    req.session = user.session
    return req
  }

  // Performs the GET and resolves to the thrown error's message, or
  // undefined when the call succeeds.
  const errorMessageOf = async (req) => {
    try {
      await req.get()
    } catch (error) {
      return error.message
    }
    return undefined
  }

  describe('exceptions', () => {
    describe('invalid-sessionid', () => {
      it('missing querystring sessionid', async () => {
        const user = await TestHelper.createUser()
        const req = requestFor(user, '/api/user/session')
        const errorMessage = await errorMessageOf(req)
        assert.strictEqual(errorMessage, 'invalid-sessionid')
      })

      it('invalid querystring sessionid', async () => {
        const user = await TestHelper.createUser()
        const req = requestFor(user, '/api/user/session?sessionid=invalid')
        const errorMessage = await errorMessageOf(req)
        assert.strictEqual(errorMessage, 'invalid-sessionid')
      })
    })

    describe('invalid-account', () => {
      // A session owned by a second account must not be readable by the first.
      it('ineligible querystring sessionid', async () => {
        const user = await TestHelper.createUser()
        const user2 = await TestHelper.createUser()
        const req = requestFor(user, `/api/user/session?sessionid=${user2.session.sessionid}`)
        const errorMessage = await errorMessageOf(req)
        assert.strictEqual(errorMessage, 'invalid-account')
      })
    })
  })

  describe('returns', () => {
    it('object', async () => {
      const user = await TestHelper.createUser()
      const req = requestFor(user, `/api/user/session?sessionid=${user.session.sessionid}`)
      req.filename = __filename
      req.saveResponse = true
      const session = await req.get()
      assert.strictEqual(session.object, 'session')
    })
  })

  describe('redacts', () => {
    // The stored token hash must never appear in the API response.
    it('tokenHash', async () => {
      const user = await TestHelper.createUser()
      const req = requestFor(user, `/api/user/session?sessionid=${user.session.sessionid}`)
      const session = await req.get()
      assert.strictEqual(session.tokenHash, undefined)
    })
  })
})