Dashboard API explorer

/api/user/set-session-verified (PATCH)

Account information like email addresses is generated with faker-js it is not real user information.

await global.api.user.SetSessionVerified.patch(req)

Returns object

{
  "sessionid": "sess_8d70fdf51b0b2b63",
  "object": "session",
  "appid": "tests_1656038582",
  "accountid": "acct_0e4dca04a8579892",
  "duration": 1200,
  "csrfToken": "0cdd7ea0406f53ea4b6d09e1f3be11abf35baadfa16ac43aab79b122f64dc9e9f829be1a11680045dd9497d2c0ee7998afbca2c35f74f9a7b82c226da818340e",
  "expiresAt": "2022-06-24T03:03:02.000Z",
  "lastVerifiedAt": "2022-06-24T02:43:02.000Z",
  "ended": false,
  "createdAt": "2022-06-24T02:43:02.855Z",
  "updatedAt": "2022-06-24T02:43:02.881Z"
}

Exceptions

These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:

Exception Circumstances
invalid-account ineligible querystring sessionid
invalid-sessionid missing querystring sessionid
invalid querystring sessionid

NodeJS source (view on github)

const dashboard = require('../../../../index.js')

module.exports = {
  patch: async (req) => {
    if (!req.query || !req.query.sessionid) {
      throw new Error('invalid-sessionid')
    }
    const session = await global.api.user.Session.get(req)
    if (session.accountid !== req.account.accountid) {
      throw new Error('invalid-account')
    }
    if (req.session.sessionid !== req.query.sessionid) {
      throw new Error('invalid-session')
    }
    if (!req || !req.body) {
      throw new Error('invalid-username')
    }
    if (!req.body.username || !req.body.username.length) {
      throw new Error('invalid-username')
    }
    if (!req.body.password || !req.body.password.length) {
      throw new Error('invalid-password')
    }
    if (global.minimumUsernameLength > req.body.username.length) {
      throw new Error('invalid-username-length')
    }
    if (global.minimumPasswordLength > req.body.password.length) {
      throw new Error('invalid-password-length')
    }
    let dashboardEncryptionKey = global.dashboardEncryptionKey
    if (req.server) {
      dashboardEncryptionKey = req.server.dashboardEncryptionKey || dashboardEncryptionKey
    }
    const usernameHash = await dashboard.Hash.sha512Hash(req.body.username, dashboardEncryptionKey)
    const accountInfo = await dashboard.Storage.Account.findOne({
      where: {
        usernameHash,
        appid: req.appid || global.appid
      }
    })
    if (!accountInfo) {
      throw new Error('invalid-username')
    }
    if (accountInfo.dataValues.accountid !== req.account.accountid) {
      throw new Error('invalid-username')
    }
    const validPassword = await dashboard.Hash.bcryptHashCompare(req.body.password, accountInfo.dataValues.passwordHash, dashboardEncryptionKey)
    if (!validPassword) {
      throw new Error('invalid-password')
    }
    await dashboard.Storage.Session.update({
      lastVerifiedAt: new Date()
    }, {
      where: {
        sessionid: req.session.sessionid,
        appid: req.appid || global.appid
      }
    })
    await dashboard.StorageCache.remove(req.query.sessionid)
    req.session = await global.api.user.Session.get(req)
    return req.session
  }
}

Test source (view on github)

/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')

/* eslint-env mocha */
describe('/api/user/set-session-verified', () => {
  describe('exceptions', () => {
    describe('invalid-sessionid', () => {
      it('missing querystring sessionid', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest('/api/user/session')
        req.account = user.account
        req.session = user.session
        let errorMessage
        try {
          await req.get()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-sessionid')
      })

      it('invalid querystring sessionid', async () => {
        const user = await TestHelper.createUser()
        const req = TestHelper.createRequest('/api/user/set-session-verified?sessionid=invalid')
        req.account = user.account
        req.session = user.session
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-sessionid')
      })
    })

    describe('invalid-account', () => {
      it('ineligible querystring sessionid', async () => {
        const user = await TestHelper.createUser()
        const user2 = await TestHelper.createUser()
        const req = TestHelper.createRequest(`/api/user/set-session-verified?sessionid=${user2.session.sessionid}`)
        req.account = user.account
        req.session = user.session
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-account')
      })
    })
  })

  describe('returns', () => {
    it('object', async () => {
      const user = await TestHelper.createUser()
      const req = TestHelper.createRequest(`/api/user/set-session-verified?sessionid=${user.session.sessionid}`)
      req.account = user.account
      req.session = user.session
      req.body = {
        username: user.account.username,
        password: user.account.password
      }
      req.filename = __filename
      req.saveResponse = true
      const sessionNow = await req.patch()
      assert.strictEqual(sessionNow.object, 'session')
    })
  })
})