From dbb8ec52d58aa8559c6f4fd961a93c5efec86749 Mon Sep 17 00:00:00 2001
From: Brian Warner <warner@lothar.com>
Date: Fri, 13 Jul 2012 01:15:15 -0700
Subject: [PATCH] test that all sessions are expired when the password is
 changed

---
 tests/password-update-test.js | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/tests/password-update-test.js b/tests/password-update-test.js
index a33ac5568..173794d51 100755
--- a/tests/password-update-test.js
+++ b/tests/password-update-test.js
@@ -92,6 +92,30 @@ suite.addBatch({
   }
 });
 
+var context2 = {};
+suite.addBatch({
+  "establishing a second session": {
+    topic: wsapi.post('/wsapi/authenticate_user', {
+      email: TEST_EMAIL,
+      pass: OLD_PASSWORD,
+      ephemeral: false
+    }, context2),
+    "works as expected": function(err, r) {
+      assert.strictEqual(JSON.parse(r.body).success, true);
+    }
+  }
+});
+
+suite.addBatch({
+  "using the second session": {
+    topic: wsapi.post('/wsapi/prolong_session', {}, context2),
+    "works as expected": function(err, r) {
+      assert.strictEqual(r.code, 200);
+      assert.strictEqual(r.body, "OK");
+    }
+  }
+});
+
 suite.addBatch({
   "updating the password without specifying a proper old password": {
     topic: wsapi.post('/wsapi/update_password', {
@@ -148,6 +172,12 @@ suite.addBatch({
     "fails as expected": function(err, r) {
       assert.strictEqual(JSON.parse(r.body).success, false);
     }
+  },
+  "using the other (expired) session": {
+    topic: wsapi.post('/wsapi/prolong_session', {}, context2),
+    "fails as expected": function(err, r) {
+      assert.strictEqual(r.code, 403);
+    }
   }
 });
 
-- 
GitLab