feat: authsession service

authsession/internal/service/revokeallusersessions/consistency_test.go

@@ -0,0 +1,106 @@
+package revokeallusersessions
+
+import (
+	"context"
+	"errors"
+	"testing"
+	"time"
+
+	"galaxy/authsession/internal/domain/common"
+	"galaxy/authsession/internal/domain/devicesession"
+	"galaxy/authsession/internal/service/shared"
+	"galaxy/authsession/internal/testkit"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestExecuteRetriesProjectionPublishesForBulkRevoke(t *testing.T) {
+	t.Parallel()
+
+	store := &testkit.InMemorySessionStore{}
+	userDirectory := &testkit.InMemoryUserDirectory{}
+	publisher := &testkit.RecordingProjectionPublisher{
+		Errors: []error{
+			errors.New("publish failed"),
+			nil,
+			errors.New("publish failed"),
+			nil,
+		},
+	}
+	require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1")))
+	require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC())))
+	require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-2", "user-1", time.Unix(20, 0).UTC())))
+
+	service, err := New(store, userDirectory, publisher, testkit.FixedClock{Time: time.Unix(30, 0).UTC()})
+	require.NoError(t, err)
+
+	result, err := service.Execute(context.Background(), Input{
+		UserID:     "user-1",
+		ReasonCode: "logout_all",
+		ActorType:  "system",
+	})
+	require.NoError(t, err)
+	assert.Equal(t, "revoked", result.Outcome)
+	assert.EqualValues(t, 2, result.AffectedSessionCount)
+	assert.Equal(t, []string{"device-session-2", "device-session-1"}, result.AffectedDeviceSessionIDs)
+	require.Len(t, publisher.PublishedSnapshots(), 4)
+}
+
+func TestExecuteRepublishesCurrentRevokedSessionsOnNoActiveSessionsRetry(t *testing.T) {
+	t.Parallel()
+
+	store := &testkit.InMemorySessionStore{}
+	userDirectory := &testkit.InMemoryUserDirectory{}
+	publisher := &testkit.RecordingProjectionPublisher{
+		Errors: []error{
+			nil,
+			errors.New("publish failed"),
+			errors.New("publish failed"),
+			errors.New("publish failed"),
+		},
+	}
+	require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1")))
+	require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC())))
+	require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-2", "user-1", time.Unix(20, 0).UTC())))
+
+	service, err := New(store, userDirectory, publisher, testkit.FixedClock{Time: time.Unix(30, 0).UTC()})
+	require.NoError(t, err)
+
+	_, err = service.Execute(context.Background(), Input{
+		UserID:     "user-1",
+		ReasonCode: "logout_all",
+		ActorType:  "system",
+	})
+	require.Error(t, err)
+	assert.Equal(t, shared.ErrorCodeServiceUnavailable, shared.CodeOf(err))
+	require.Len(t, publisher.PublishedSnapshots(), 4)
+
+	for _, deviceSessionID := range []common.DeviceSessionID{"device-session-1", "device-session-2"} {
+		record, getErr := store.Get(context.Background(), deviceSessionID)
+		require.NoError(t, getErr)
+		require.NotNil(t, record.Revocation)
+		assert.Equal(t, devicesession.StatusRevoked, record.Status)
+	}
+
+	publisher.Errors = nil
+	publisher.Err = nil
+
+	result, err := service.Execute(context.Background(), Input{
+		UserID:     "user-1",
+		ReasonCode: "logout_all",
+		ActorType:  "system",
+	})
+	require.NoError(t, err)
+	assert.Equal(t, "no_active_sessions", result.Outcome)
+	assert.EqualValues(t, 0, result.AffectedSessionCount)
+	require.NotNil(t, result.AffectedDeviceSessionIDs)
+	assert.Empty(t, result.AffectedDeviceSessionIDs)
+
+	published := publisher.PublishedSnapshots()
+	require.Len(t, published, 6)
+	assert.Equal(t, []common.DeviceSessionID{"device-session-2", "device-session-1"}, []common.DeviceSessionID{
+		published[4].DeviceSessionID,
+		published[5].DeviceSessionID,
+	})
+}