path: root/spec/features/profiles/active_sessions_spec.rb
blob: a515c7b1c1f51a351acf8179c012afa51a6f5486 (plain)
# frozen_string_literal: true

require 'spec_helper'

# Feature spec for the profile "Active Sessions" page: what a user sees listed
# there, and what happens to another browser's session once it is revoked.
#
# NOTE(review): :clean_gitlab_redis_shared_state presumably resets the Redis
# store that backs the session list between examples — confirm against the
# spec support helpers.
RSpec.describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
  # A regular user whose current_sign_in_at is set on the in-memory object;
  # no explicit save is performed here.
  let(:user) do
    create(:user).tap do |user|
      user.current_sign_in_at = Time.current
    end
  end

  let(:admin) { create(:admin) }

  before do
    # NOTE(review): presumably disabled so the revoke example can drive the
    # confirmation through accept_confirm — confirm.
    stub_feature_flags(bootstrap_confirmation_modals: false)
  end

  # Three browsers are signed in: two as the user, one as an admin who then
  # impersonates the user. The user's own list must show exactly the two
  # sessions they created and must not expose the impersonation session.
  it 'user sees their active sessions' do
    # Time is pinned so the "Signed in on" / "Last accessed on" strings
    # asserted below are deterministic.
    travel_to(Time.zone.parse('2018-03-12 09:06')) do
      # The return values are discarded.
      # NOTE(review): using_session below looks sufficient to create the named
      # sessions — confirm whether these constructor calls are still needed.
      Capybara::Session.new(:session1)
      Capybara::Session.new(:session2)
      Capybara::Session.new(:session3)

      # note: headers can only be set on the non-js (aka. rack-test) driver
      using_session :session1 do
        Capybara.page.driver.header(
          'User-Agent',
          'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0'
        )

        gitlab_sign_in(user)
      end

      # set an additional session on another device
      using_session :session2 do
        Capybara.page.driver.header(
          'User-Agent',
          'Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12B466 [FBDV/iPhone7,2]'
        )

        gitlab_sign_in(user)
      end

      # set an admin session impersonating the user
      using_session :session3 do
        Capybara.page.driver.header(
          'User-Agent',
          'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
        )

        gitlab_sign_in(admin)
        gitlab_enable_admin_mode_sign_in(admin)

        visit admin_user_path(user)

        click_link 'Impersonate'
      end

      using_session :session1 do
        visit profile_active_sessions_path

        # Exactly two entries: the impersonation session from :session3 must
        # not add a third row.
        expect(page).to(
          have_selector('ul.list-group li.list-group-item', text: 'Signed in on',
                                                              count: 2))

        # Entry for the browser making this request. The browser/OS label is
        # derived from the User-Agent header set above, which is supplied by
        # the client, so it is a display hint rather than a verified identity.
        expect(page).to have_content(
          '127.0.0.1 ' \
          'This is your current session ' \
          'Firefox on Ubuntu ' \
          'Signed in on 12 Mar 09:06'
        )

        expect(page).to have_selector '[title="Desktop"]', count: 1

        # Entry for the second device signed in as the same user.
        expect(page).to have_content(
          '127.0.0.1 ' \
          'Last accessed on 12 Mar 09:06 ' \
          'Mobile Safari on iOS ' \
          'Signed in on 12 Mar 09:06'
        )

        expect(page).to have_selector '[title="Smartphone"]', count: 1

        # The admin's Chrome/Windows impersonation session stays hidden from
        # the user. This only checks what the page renders; it says nothing
        # about how the impersonation session is stored or audited.
        expect(page).not_to have_content('Chrome on Windows')
      end
    end
  end

  # Revocation has to end the other browser's session, not just remove its row
  # from the list, so the example finishes by using the revoked browser again.
  it 'user can revoke a session', :js do
    # Return values are discarded, as in the example above.
    Capybara::Session.new(:session1)
    Capybara::Session.new(:session2)

    # set an additional session in another browser
    using_session :session2 do
      gitlab_sign_in(user)
    end

    using_session :session1 do
      gitlab_sign_in(user)
      visit profile_active_sessions_path

      # Two sessions exist but only one Revoke link is expected.
      # NOTE(review): presumably the current session offers no Revoke link —
      # confirm against the view.
      expect(page).to have_link('Revoke', count: 1)

      accept_confirm { click_on 'Revoke' }

      expect(page).not_to have_link('Revoke')
    end

    using_session :session2 do
      visit profile_active_sessions_path

      # The revoked browser is asked to authenticate again, which shows the
      # session is no longer accepted by the server.
      expect(page).to have_content('You need to sign in or sign up before continuing.')
    end
  end
end