From 34b2e152430493c42666f2c7ff8474b7099e4a11 Mon Sep 17 00:00:00 2001
From: Steven Nguyen <1477010+stnguyen90@users.noreply.github.com>
Date: Fri, 21 Jun 2024 22:25:27 +0000
Subject: [PATCH 1/2] fix(users): fix expire error when creating user session Before this, the Create session API call would throw: > Invalid document structure: Missing required attribute "expire" This is because the `expire` attribute is required, but it was omitted from the document. This PR ensures the `expire` attribute is set when creating the session document.
---
 app/controllers/api/users.php | 2 +-
 tests/e2e/Services/Users/UsersBase.php | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 193f3f095e..9e7ad94623 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -1801,6 +1801,7 @@ App::post('/v1/users/:userId/sessions')
 'userAgent' => $request->getUserAgent('UNKNOWN'),
 'ip' => $request->getIP(),
 'countryCode' => ($record) ? \strtolower($record['country']['iso_code']) : '--',
+ 'expire' => $expire,
 ],
 $detector->getOS(),
 $detector->getClient(),
@@ -1812,7 +1813,6 @@ App::post('/v1/users/:userId/sessions')
 $session = $dbForProject->createDocument('sessions', $session);
 $session
 ->setAttribute('secret', $secret)
- ->setAttribute('expire', $expire)
 ->setAttribute('countryName', $countryName);
 $queueForEvents
diff --git a/tests/e2e/Services/Users/UsersBase.php b/tests/e2e/Services/Users/UsersBase.php
index 6b48470b6e..a24b6f8161 100644
--- a/tests/e2e/Services/Users/UsersBase.php
+++ b/tests/e2e/Services/Users/UsersBase.php
@@ -290,6 +290,28 @@ trait UsersBase
 $this->assertArrayNotHasKey('secret', $token['body']);
 }
+ /**
+ * @depends testCreateUser
+ */
+ public function testCreateSession(array $data): void
+ {
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_POST, '/users/' . $data['userId'] . '/sessions', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()));
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+
+ $session = $response['body'];
+ $this->assertEquals($data['userId'], $session['userId']);
+ $this->assertNotEmpty($session['secret']);
+ $this->assertNotEmpty($session['expire']);
+ $this->assertEquals('server', $session['provider']);
+ }
+
 /**
 * Tests all optional parameters of createUser (email, phone, anonymous..)
From 13027fac5bec966acf8b8512ac73597418886603 Mon Sep 17 00:00:00 2001
From: Steven Nguyen <1477010+stnguyen90@users.noreply.github.com>
Date: Fri, 21 Jun 2024 22:29:43 +0000
Subject: [PATCH 2/2] fix(users): update session secret to be longer The create session endpoint created a 6 character secret which is too short. This changes the secret to be 256 characters which is in line with the secret for `account.createEmailPasswordSession()`.
---
 app/controllers/api/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 9e7ad94623..dcc214972b 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -1784,7 +1784,7 @@ App::post('/v1/users/:userId/sessions')
 throw new Exception(Exception::USER_NOT_FOUND);
 }
- $secret = Auth::codeGenerator();
+ $secret = Auth::tokenGenerator(Auth::TOKEN_LENGTH_SESSION);
 $detector = new Detector($request->getUserAgent('UNKNOWN'));
 $record = $geodb->get($request->getIP());
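Review bot: In `testCreateSession` (tests/e2e/Services/Users/UsersBase.php), `assertNotEmpty($session['expire'])` only proves the field is present, so a session returned with an already-elapsed or malformed expiry would still pass. Since the bug being fixed concerns `expire` specifically, the test should check the value as well, for example `$this->assertGreaterThan(\time(), \strtotime($session['expire']));`, assuming the API returns a parseable datetime string. A short comment above that assertion saying that a server-created session must expire in the future would make the intent clear.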
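Review bot: Nothing in PATCH 2/2 pins the new secret length in the `app/controllers/api/users.php` hunk: the only coverage is `assertNotEmpty($session['secret'])` in `testCreateSession` from PATCH 1/2, which a 6-character secret also satisfies, so a regression to `Auth::codeGenerator()` would go unnoticed. I would add `$this->assertEquals(256, \strlen($session['secret']));` to that test, taking 256 from the commit description. The strength of the secret also depends on how `Auth::tokenGenerator()` draws its randomness, which is not visible here and is worth confirming. The route handler starts and ends outside the hunk.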