/t/t-session.lisp

http://github.com/mtravers/wuwei · Lisp · 100 lines · 80 code · 12 blank · 8 comment · 0 complexity · f6e8796b9879eb0687be1fece99607b6 MD5 · raw file

  1. (in-package :wu)
  2. (5am:def-suite :session :in :wuwei)
  3. (5am:in-suite :session)
  4. ;;; Tests of session and login machinery
  5. ;;; Test dropping a cookie to establish session
  6. (5am:test session-basics
  7. (publish :path (test-path "session1")
  8. :function #'(lambda (req ent)
  9. (with-session (req ent)
  10. (with-http-response-and-body (req ent)
  11. (html (:html (:body "foo")))))))
  12. (let ((cookie-jar (make-instance 'net.aserve.client:cookie-jar)))
  13. (multiple-value-bind (response response-code response-headers)
  14. (net.aserve.client::do-http-request (test-url "session1")
  15. :cookies cookie-jar)
  16. (declare (ignore response response-headers))
  17. (5am:is (equal 200 response-code))
  18. (5am:is (net.aserve.client::cookie-jar-items cookie-jar)))))
  19. (def-session-variable *test-2* 0)
  20. ;;; Test session variable machinery without a web trip
  21. (5am:test session-variables
  22. (let ((*session* (make-new-session nil nil)))
  23. (with-session-variables
  24. (5am:is (equal 0 *test-2*))
  25. (incf *test-2*))
  26. (let ((*test-2* nil))
  27. (with-session-variables
  28. (5am:is (equal 1 *test-2*))))))
  29. (def-session-variable *test-session-var* 0)
  30. ;;; Test that session state is working (combines the above two)
  31. (5am:test session-state
  32. (publish :path (test-path "session2")
  33. :function #'(lambda (req ent)
  34. (with-session (req ent)
  35. (with-http-response-and-body (req ent)
  36. (html (:html (:body (:princ "v") (:princ *test-session-var*))))
  37. (incf *test-session-var*)
  38. ))))
  39. (let ((cookie-jar (make-instance 'net.aserve.client:cookie-jar)))
  40. (multiple-value-bind (response response-code response-headers)
  41. (net.aserve.client::do-http-request (test-url "session2")
  42. :cookies cookie-jar)
  43. (declare (ignore response-headers))
  44. (5am:is (equal 200 response-code))
  45. (5am:is (net.aserve.client::cookie-jar-items cookie-jar))
  46. (5am:is (search "v0" response)))
  47. (multiple-value-bind (response response-code response-headers)
  48. (net.aserve.client::do-http-request (test-url "session2")
  49. :cookies cookie-jar)
  50. (declare (ignore response-code response-headers))
  51. (5am:is (search "v1" response)))
  52. ))
  53. (defun test-login (req ent)
  54. (with-http-response-and-body (req ent)
  55. (render-update
  56. (:redirect "/login"))))
  57. ;;; This is how you do a login. Note that the make-new-session has to be OUTSIDE the with-http-response-and-body, to allow the cookies to be set early.
  58. (publish :path (test-path "login")
  59. :function #'(lambda (req ent)
  60. (setq *session* (make-new-session req ent))
  61. (with-http-response-and-body (req ent)
  62. (html "logged in"))
  63. ))
  64. ;;; Tests protection of an ajax method against unlogged-in users, and logging in.
  65. (5am:test login-required
  66. (let* ((test nil)
  67. (url (format nil "http://localhost:~A~A"
  68. *test-port*
  69. (ajax-continuation (:login-handler 'test-login :keep t)
  70. (setq test t)
  71. (render-update (:alert "snockity"))))))
  72. (let ((res (net.aserve.client:do-http-request url :method :post :query '((:bogus . "value")))))
  73. (5am:is (not test)) ;should NOT run the continuation
  74. ;; Should be getting a redirect command back
  75. (5am:is (search "window.location.href" res)))
  76. ;; simulate a login and try again
  77. (let ((cookie-jar (make-instance 'net.aserve.client:cookie-jar)))
  78. (multiple-value-bind (response response-code response-headers)
  79. (net.aserve.client::do-http-request (test-url "login")
  80. :cookies cookie-jar)
  81. (declare (ignore response response-headers))
  82. (5am:is (equal 200 response-code))
  83. (5am:is (net.aserve.client::cookie-jar-items cookie-jar))
  84. (let ((res (net.aserve.client:do-http-request url :method :post :query '((:bogus . "value"))
  85. :cookies cookie-jar)))
  86. (5am:is-true test)
  87. (5am:is (search "alert(" res)))
  88. ))))