Merge pull request #8308 from appwrite/fix-8280-expire-error-when-creating-session

Fix 'Missing required attribute "expire"' on `users.createSession()`
2026-05-23 17:08:45 +00:00 · 2024-06-25 13:43:03 +12:00 · 2024-06-25 13:43:03 +12:00 · 4ad987e4ef
commit 4ad987e4ef
parent ef203dc075 13027fac5b
2 changed files with 24 additions and 2 deletions
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@ -1784,7 +1784,7 @@ App::post('/v1/users/:userId/sessions')
            throw new Exception(Exception::USER_NOT_FOUND);
        }

-        $secret = Auth::codeGenerator();
+        $secret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_SESSION);
        $detector = new Detector($request->getUserAgent('UNKNOWN'));
        $record = $geodb->get($request->getIP());

@ -1801,6 +1801,7 @@ App::post('/v1/users/:userId/sessions')
                'userAgent' => $request->getUserAgent('UNKNOWN'),
                'ip' => $request->getIP(),
                'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
+                'expire' => $expire,
            ],
            $detector->getOS(),
            $detector->getClient(),
@ -1812,7 +1813,6 @@ App::post('/v1/users/:userId/sessions')
        $session = $dbForProject->createDocument('sessions', $session);
        $session
            ->setAttribute('secret', $secret)
-            ->setAttribute('expire', $expire)
            ->setAttribute('countryName', $countryName);

        $queueForEvents
--- a/tests/e2e/Services/Users/UsersBase.php
+++ b/tests/e2e/Services/Users/UsersBase.php
@ -290,6 +290,28 @@ trait UsersBase
        $this->assertArrayNotHasKey('secret', $token['body']);
    }

+    /**
+     * @depends testCreateUser
+     */
+    public function testCreateSession(array $data): void
+    {
+        /**
+         * Test for SUCCESS
+         */
+        $response = $this->client->call(Client::METHOD_POST, '/users/' . $data['userId'] . '/sessions', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+        ], $this->getHeaders()));
+
+        $this->assertEquals(201, $response['headers']['status-code']);
+
+        $session = $response['body'];
+        $this->assertEquals($data['userId'], $session['userId']);
+        $this->assertNotEmpty($session['secret']);
+        $this->assertNotEmpty($session['expire']);
+        $this->assertEquals('server', $session['provider']);
+    }
+

    /**
     * Tests all optional parameters of createUser (email, phone, anonymous..)