/api/administrator/reset-session-key (PATCH)
await global.api.administrator.ResetSessionKey.patch(req) Located in Dashboard API
Returns object
Exceptions
These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:
Exception | Circumstances |
---|---|
invalid-accountid | invalid querystring accountid |
invalid-accountid | missing querystring accountid |
invalid-account | ineligible querystring account is deleted |
requires | querystring accountid is not deleted |
NodeJS source (edit on github)
If you see a problem with the source, submit a pull request on GitHub.
const dashboard = require('../../../../index.js')
module.exports = {
  /**
   * Rotate an account's session key so that every session issued under the
   * previous key stops being valid, ending all of that user's sessions.
   *
   * NOTE(review): this handler performs no caller-authorization check of its
   * own; presumably the routing layer restricts /api/administrator endpoints
   * to administrators -- confirm before invoking it directly from NodeJS.
   * NOTE(review): the strength of the new key depends on
   * dashboard.UUID.random, whose randomness source is not visible here --
   * confirm it draws from a cryptographically secure generator.
   *
   * @param {object} req - request; req.query.accountid names the account and
   *   req.appid prefixes the storage path
   * @returns {Promise<object>} the account as re-read after the update
   * @throws {Error} 'invalid-accountid' when the querystring accountid is
   *   missing or no account comes back for it
   * @throws {Error} 'invalid-account' when the account is flagged deleted
   */
  patch: async (req) => {
    const suppliedAccountId = req.query && req.query.accountid
    if (!suppliedAccountId) {
      throw new Error('invalid-accountid')
    }
    const target = await global.api.administrator.Account.get(req)
    if (!target) {
      throw new Error('invalid-accountid')
    }
    // A deleted account is not eligible for a key reset.
    if (target.deleted) {
      throw new Error('invalid-account')
    }
    const storagePath = `${req.appid}/account/${req.query.accountid}`
    // Replacing the key is what invalidates existing sessions; the timestamp
    // and counter record when and how many times that has happened.
    const rotated = {
      sessionKey: dashboard.UUID.random(64),
      sessionKeyLastReset: dashboard.Timestamp.now,
      sessionKeyNumber: target.sessionKeyNumber + 1
    }
    await dashboard.StorageObject.setProperties(storagePath, rotated)
    // Re-read so the caller receives the stored state, not the local copy.
    return global.api.administrator.Account.get(req)
  }
}
Test source (edit on github)
Tests perform real HTTP requests against a running Dashboard server.
/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')
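// Integration tests for the administrator session-key reset endpoint.
// Each case signs the request as an owner account and issues a PATCH.
//
// NOTE(review): no case here checks that a session created before the reset
// is rejected afterwards, or that a non-administrator caller is refused.
// Those are the security properties this endpoint exists for and each
// deserves its own test.
describe('/api/administrator/reset-session-key', () => {
  describe('exceptions', () => {
    describe('invalid-accountid', () => {
      it('missing querystring accountid', async () => {
        const administrator = await TestHelper.createOwner()
        const req = TestHelper.createRequest('/api/administrator/reset-session-key')
        req.account = administrator.account
        req.session = administrator.session
        // errorMessage stays undefined when nothing is thrown, so the
        // assertion below also fails if the request unexpectedly succeeds.
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-accountid')
      })
      it('invalid querystring accountid', async () => {
        const administrator = await TestHelper.createOwner()
        const req = TestHelper.createRequest('/api/administrator/reset-session-key?accountid=invalid')
        req.account = administrator.account
        req.session = administrator.session
        let errorMessage
        try {
          await req.patch()
        } catch (error) {
          errorMessage = error.message
        }
        assert.strictEqual(errorMessage, 'invalid-accountid')
      })
    })
  })
  describe('invalid-account', () => {
    it('ineligible querystring account is deleted', async () => {
      const administrator = await TestHelper.createOwner()
      const user = await TestHelper.createUser()
      await TestHelper.setDeleted(user)
      const req = TestHelper.createRequest(`/api/administrator/reset-session-key?accountid=${user.account.accountid}`)
      req.account = administrator.account
      req.session = administrator.session
      let errorMessage
      try {
        await req.patch(req)
      } catch (error) {
        errorMessage = error.message
      }
      assert.strictEqual(errorMessage, 'invalid-account')
    })
  })
  describe('requires', () => {
    // Same scenario as the 'invalid-account' case above, listed again under
    // the requirement it demonstrates (the target must not be deleted).
    it('querystring accountid is not deleted', async () => {
      const administrator = await TestHelper.createOwner()
      const user = await TestHelper.createUser()
      await TestHelper.setDeleted(user)
      const req = TestHelper.createRequest(`/api/administrator/reset-session-key?accountid=${user.account.accountid}`)
      req.account = administrator.account
      req.session = administrator.session
      let errorMessage
      try {
        await req.patch(req)
      } catch (error) {
        errorMessage = error.message
      }
      assert.strictEqual(errorMessage, 'invalid-account')
    })
  })
  describe('returns', () => {
    it('object', async () => {
      const administrator = await TestHelper.createOwner()
      const user = await TestHelper.createUser()
      const req = TestHelper.createRequest(`/api/administrator/reset-session-key?accountid=${user.account.accountid}`)
      req.account = administrator.account
      req.session = administrator.session
      req.filename = __filename
      req.saveResponse = true
      const accountNow = await req.patch()
      assert.strictEqual(accountNow.object, 'account')
      // Compare against the account record itself. createUser's result
      // appears to wrap the account under `.account` (as the accountid
      // lookup above does), so reading sessionKeyNumber off the wrapper
      // would compare against undefined and pass even if the counter
      // never changed.
      assert.notStrictEqual(accountNow.sessionKeyNumber, user.account.sessionKeyNumber)
      assert.notStrictEqual(accountNow.sessionKeyLastReset, undefined)
      assert.notStrictEqual(accountNow.sessionKeyLastReset, null)
    })
  })
})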