mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-04 23:45:07 +00:00
fix: check that session token can already be used to avoid permission denied
This commit is contained in:
parent
2816f9a4f5
commit
7ed57b0e1c
@ -8,6 +8,7 @@ import (
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/logging"
|
||||
"google.golang.org/grpc"
|
||||
@ -634,6 +635,19 @@ func (i *Instance) CreateVerifiedWebAuthNSessionWithLifetime(t *testing.T, ctx c
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
retryDuration, tick := WaitForAndTickWithMaxDuration(ctx, time.Minute)
|
||||
require.EventuallyWithT(t,
|
||||
func(tt *assert.CollectT) {
|
||||
resp, err := i.Client.SessionV2.GetSession(ctx, &session.GetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
SessionToken: gu.Ptr(updateResp.GetSessionToken()),
|
||||
})
|
||||
assert.NoError(tt, err)
|
||||
assert.Equal(tt, createResp.GetSessionId(), resp.GetSession().GetId())
|
||||
}, retryDuration, tick, "awaiting successful usage of token failed",
|
||||
)
|
||||
|
||||
return createResp.GetSessionId(), updateResp.GetSessionToken(),
|
||||
createResp.GetDetails().GetChangeDate().AsTime(), updateResp.GetDetails().GetChangeDate().AsTime()
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user