package revokeallusersessions import ( "context" "errors" "testing" "time" "galaxy/authsession/internal/domain/common" "galaxy/authsession/internal/domain/devicesession" "galaxy/authsession/internal/service/shared" "galaxy/authsession/internal/testkit" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func TestExecuteRetriesProjectionPublishesForBulkRevoke(t *testing.T) { t.Parallel() store := &testkit.InMemorySessionStore{} userDirectory := &testkit.InMemoryUserDirectory{} publisher := &testkit.RecordingProjectionPublisher{ Errors: []error{ errors.New("publish failed"), nil, errors.New("publish failed"), nil, }, } require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1"))) require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC()))) require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-2", "user-1", time.Unix(20, 0).UTC()))) service, err := New(store, userDirectory, publisher, testkit.FixedClock{Time: time.Unix(30, 0).UTC()}) require.NoError(t, err) result, err := service.Execute(context.Background(), Input{ UserID: "user-1", ReasonCode: "logout_all", ActorType: "system", }) require.NoError(t, err) assert.Equal(t, "revoked", result.Outcome) assert.EqualValues(t, 2, result.AffectedSessionCount) assert.Equal(t, []string{"device-session-2", "device-session-1"}, result.AffectedDeviceSessionIDs) require.Len(t, publisher.PublishedSnapshots(), 4) } func TestExecuteRepublishesCurrentRevokedSessionsOnNoActiveSessionsRetry(t *testing.T) { t.Parallel() store := &testkit.InMemorySessionStore{} userDirectory := &testkit.InMemoryUserDirectory{} publisher := &testkit.RecordingProjectionPublisher{ Errors: []error{ nil, errors.New("publish failed"), errors.New("publish failed"), errors.New("publish failed"), }, } require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1"))) require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC()))) require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-2", "user-1", time.Unix(20, 0).UTC()))) service, err := New(store, userDirectory, publisher, testkit.FixedClock{Time: time.Unix(30, 0).UTC()}) require.NoError(t, err) _, err = service.Execute(context.Background(), Input{ UserID: "user-1", ReasonCode: "logout_all", ActorType: "system", }) require.Error(t, err) assert.Equal(t, shared.ErrorCodeServiceUnavailable, shared.CodeOf(err)) require.Len(t, publisher.PublishedSnapshots(), 4) for _, deviceSessionID := range []common.DeviceSessionID{"device-session-1", "device-session-2"} { record, getErr := store.Get(context.Background(), deviceSessionID) require.NoError(t, getErr) require.NotNil(t, record.Revocation) assert.Equal(t, devicesession.StatusRevoked, record.Status) } publisher.Errors = nil publisher.Err = nil result, err := service.Execute(context.Background(), Input{ UserID: "user-1", ReasonCode: "logout_all", ActorType: "system", }) require.NoError(t, err) assert.Equal(t, "no_active_sessions", result.Outcome) assert.EqualValues(t, 0, result.AffectedSessionCount) require.NotNil(t, result.AffectedDeviceSessionIDs) assert.Empty(t, result.AffectedDeviceSessionIDs) published := publisher.PublishedSnapshots() require.Len(t, published, 6) assert.Equal(t, []common.DeviceSessionID{"device-session-2", "device-session-1"}, []common.DeviceSessionID{ published[4].DeviceSessionID, published[5].DeviceSessionID, }) }