v2 / vlib / x / sessions / tests / session_test.v
1import time
2import x.sessions
3
// Session lifetime fixture: one second.
// NOTE(review): no test in this listing reads max_age — confirm it is
// still needed.
const max_age = time.second

// Key passed to new_session_id / verify_session_id by the tests below.
// A short, guessable literal like this is only appropriate in a test
// file; a deployed secret should be long, random and kept out of source.
const secret = 'session_test'.bytes()
6
// User is a small sample record with a name and an age.
// NOTE(review): neither User nor default_user is referenced by the tests
// in this listing — presumably kept as session payload fixtures; confirm.
pub struct User {
	name string
	age  int
}

// default_user is the canonical User fixture value.
const default_user = User{
	name: 'john'
	age:  99
}
16
// test_session_id checks the round trip: a freshly signed session ID must
// verify under the same secret and yield the original, unsigned ID.
fn test_session_id() {
	plain_id, signed_id := sessions.new_session_id(secret)
	recovered_id, is_valid := sessions.verify_session_id(signed_id, secret)

	// The ID extracted from the signed form is the one that was issued.
	assert plain_id == recovered_id
	// The signature produced at creation time is accepted.
	assert is_valid
}
24
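// test_forged_signature_rejected checks that a cookie carrying a genuine
// session ID but a signature that does not belong to it fails verification.
//
// Two forgeries are tried:
//   1. a junk signature string, which may already be rejected for its
//      shape alone, and
//   2. a well-formed signature taken from a different session, which can
//      only be rejected by the signature comparison itself.
fn test_forged_signature_rejected() {
	// Issue a real session ID; only its unsigned form is reused below.
	sid, _ := sessions.new_session_id(secret)

	// Forgery 1: genuine session ID, junk signature.
	forged_cookie := '${sid}.INVALID_SIGNATURE'
	verified_sid, valid := sessions.verify_session_id(forged_cookie, secret)
	assert !valid, 'junk signature was accepted'
	// The parsed ID is still returned when the signature is bad, so callers
	// must branch on `valid` and never trust the returned ID by itself.
	assert verified_sid == sid

	// Forgery 2: genuine session ID, signature issued for another session.
	other_sid, other_cookie := sessions.new_session_id(secret)
	// Two freshly issued IDs must differ, otherwise the swap below is a no-op.
	assert other_sid != sid, 'two new session IDs collided'
	other_signature := other_cookie.all_after_last('.')
	_, swapped_valid := sessions.verify_session_id('${sid}.${other_signature}', secret)
	assert !swapped_valid, 'signature from another session was accepted'
}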
37
// test_wrong_secret_rejected checks that a cookie signed under one secret
// does not verify under a different one.
fn test_wrong_secret_rejected() {
	// Key that was never used to sign anything.
	other_key := 'wrong_secret'.bytes()

	// Sign with the real test secret; the unsigned ID is not needed here.
	_, cookie := sessions.new_session_id(secret)

	// Verification under the other key has to fail.
	_, accepted := sessions.verify_session_id(cookie, other_key)
	assert !accepted
}
49
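// test_malformed_cookie_rejected checks that cookies which do not have the
// `<session id>.<signature>` shape never verify.
//
// Besides the fixed strings (no separator, empty input, separator only) it
// also covers a real session ID with an empty signature and a valid cookie
// with an extra trailing part, so structural damage to an otherwise genuine
// cookie is exercised as well.
fn test_malformed_cookie_rejected() {
	// Fixed malformed inputs: no separator, empty cookie, empty parts.
	for cookie in ['just_a_session_id', '', '.'] {
		_, valid := sessions.verify_session_id(cookie, secret)
		assert !valid, 'malformed cookie was accepted: "${cookie}"'
	}

	sid, signed_cookie := sessions.new_session_id(secret)

	// Genuine session ID followed by the separator and nothing else.
	_, empty_sig_valid := sessions.verify_session_id('${sid}.', secret)
	assert !empty_sig_valid, 'empty signature was accepted'

	// Genuine signed cookie with an additional separator and suffix.
	_, extra_part_valid := sessions.verify_session_id('${signed_cookie}.extra', secret)
	assert !extra_part_valid, 'cookie with an extra part was accepted'
}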
63