feat: add possibility to set an expiration to a session (#6851)

* add lifetime to session api * extend session with lifetime * check session token expiration * fix typo * integration test to check session token expiration * integration test to check session token expiration * i18n * cleanup * improve tests * prevent negative lifetime * fix error message * fix lifetime check
2025-08-11 20:07:32 +00:00 · 2023-11-06 11:48:28 +02:00
parent ce322323aa
commit f3b8a3aece
35 changed files with 608 additions and 151 deletions
--- a/internal/command/auth_request_test.go
+++ b/internal/command/auth_request_test.go
@@ -327,7 +327,67 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
 				sessionID: "sessionID",
 			},
 			res{
-				wantErr: caos_errs.ThrowNotFound(nil, "COMMAND-x0099887", "Errors.Session.NotExisting"),
+				wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Flk38", "Errors.Session.NotExisting"),
+			},
+		},
+		{
+			"session expired",
+			fields{
+				eventstore: eventstoreExpect(t,
+					expectFilter(
+						eventFromEventPusher(
+							authrequest.NewAddedEvent(mockCtx, &authrequest.NewAggregate("V2_id", "instanceID").Aggregate,
+								"loginClient",
+								"clientID",
+								"redirectURI",
+								"state",
+								"nonce",
+								[]string{"openid"},
+								[]string{"audience"},
+								domain.OIDCResponseTypeCode,
+								nil,
+								nil,
+								nil,
+								nil,
+								nil,
+								nil,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							session.NewAddedEvent(mockCtx,
+								&session.NewAggregate("sessionID", "org1").Aggregate,
+								&domain.UserAgent{
+									FingerprintID: gu.Ptr("fp1"),
+									IP:            net.ParseIP("1.2.3.4"),
+									Description:   gu.Ptr("firefox"),
+									Header:        http.Header{"foo": []string{"bar"}},
+								},
+							)),
+						eventFromEventPusher(
+							session.NewUserCheckedEvent(mockCtx, &session.NewAggregate("sessionID", "org1").Aggregate,
+								"userID", testNow.Add(-5*time.Minute)),
+						),
+						eventFromEventPusher(
+							session.NewPasswordCheckedEvent(mockCtx, &session.NewAggregate("sessionID", "org1").Aggregate,
+								testNow.Add(-5*time.Minute)),
+						),
+						eventFromEventPusher(
+							session.NewLifetimeSetEvent(mockCtx, &session.NewAggregate("sessionID", "org1").Aggregate,
+								2*time.Minute),
+						),
+					),
+				),
+			},
+			args{
+				ctx:          mockCtx,
+				id:           "V2_id",
+				sessionID:    "sessionID",
+				sessionToken: "token",
+			},
+			res{
+				wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Hkl3d", "Errors.Session.Expired"),
 			},
 		},
 		{
@@ -475,6 +535,10 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
 							session.NewPasswordCheckedEvent(mockCtx, &session.NewAggregate("sessionID", "org1").Aggregate,
 								testNow),
 						),
+						eventFromEventPusherWithCreationDateNow(
+							session.NewLifetimeSetEvent(mockCtx, &session.NewAggregate("sessionID", "org1").Aggregate,
+								2*time.Minute),
+						),
 					),
 					expectPush(
 						authrequest.NewSessionLinkedEvent(mockCtx, &authrequest.NewAggregate("V2_id", "instanceID").Aggregate,
@@ -559,6 +623,10 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
 							session.NewPasswordCheckedEvent(mockCtx, &session.NewAggregate("sessionID", "org1").Aggregate,
 								testNow),
 						),
+						eventFromEventPusherWithCreationDateNow(
+							session.NewLifetimeSetEvent(mockCtx, &session.NewAggregate("sessionID", "org1").Aggregate,
+								2*time.Minute),
+						),
 					),
 					expectPush(
 						authrequest.NewSessionLinkedEvent(mockCtx, &authrequest.NewAggregate("V2_id", "instanceID").Aggregate,