Merge branch 'session-error-throwing-fix' of github.com:supertokens/supertokens-golang into session-error-throwing-fix

Author: sattvikc

CHANGELOG.md

@@ -15,8 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   `RegenerateAccessToken` now returns `nil` if the input access token's `sessionHandle` does not exist.
 -   The session container functions have not changed in behaviour and return errors if `sessionHandle` does not exist. This works on the current session.
 
-### Adds:
+### Fixes
+-   Clears cookies when RevokeSession is called using the session container, even if the session did not exist from before: https://github.com/supertokens/supertokens-node/issues/343
 
+### Adds:
 -   Adds default userContext for API calls that contains the request object. It can be used in APIs / functions override like so:
 
 ```golang

recipe/session/session.go

@@ -47,13 +47,11 @@ func makeSessionContainerInput(accessToken string, sessionHandle string, userID
 func newSessionContainer(config sessmodels.TypeNormalisedInput, session *SessionContainerInput) sessmodels.SessionContainer {
 
 	revokeSessionWithContext := func(userContext supertokens.UserContext) error {
-		success, err := (*session.recipeImpl.RevokeSession)(session.sessionHandle, userContext)
+		_, err := (*session.recipeImpl.RevokeSession)(session.sessionHandle, userContext)
 		if err != nil {
 			return err
 		}
-		if success {
-			clearSessionFromCookie(config, session.res)
-		}
+		clearSessionFromCookie(config, session.res)
 		return nil
 	}
 

recipe/session/session_test.go

@@ -956,3 +956,60 @@ func TestRevokedSessionThrowsErrorWhenCallingGetSessionBySessionHandle(t *testin
 	assert.Nil(t, sessionInformation)
 	assert.NoError(t, err)
 }
+
+func TestSignoutWorksAfterSessionDeletedOnBackend(t *testing.T) {
+	sessionHandle := ""
+	customAntiCsrfVal := "VIA_TOKEN"
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			Init(&sessmodels.TypeInput{
+				AntiCsrf: &customAntiCsrfVal,
+			}),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	mux := http.NewServeMux()
+
+	mux.HandleFunc("/create", func(rw http.ResponseWriter, r *http.Request) {
+		sess, _ := CreateNewSession(rw, "rope", map[string]interface{}{}, map[string]interface{}{})
+		sessionHandle = sess.GetHandle()
+	})
+
+	testServer := httptest.NewServer(supertokens.Middleware(mux))
+	defer func() {
+		testServer.Close()
+	}()
+	req, err := http.NewRequest(http.MethodGet, testServer.URL+"/create", nil)
+	assert.NoError(t, err)
+	res, err := http.DefaultClient.Do(req)
+	assert.NoError(t, err)
+	cookieData := unittesting.ExtractInfoFromResponse(res)
+
+	RevokeSession(sessionHandle)
+
+	resp1, err := unittesting.SignoutRequest(testServer.URL, cookieData["sAccessToken"], cookieData["sIdRefreshToken"], cookieData["antiCsrf"])
+	cookieData = unittesting.ExtractInfoFromResponse(resp1)
+
+	assert.Equal(t, cookieData["accessTokenExpiry"], "Thu, 01 Jan 1970 00:00:00 GMT")
+	assert.Equal(t, cookieData["refreshTokenExpiry"], "Thu, 01 Jan 1970 00:00:00 GMT")
+	assert.Equal(t, cookieData["idRefreshTokenExpiry"], "Thu, 01 Jan 1970 00:00:00 GMT")
+	assert.Equal(t, cookieData["accessToken"], "")
+	assert.Equal(t, cookieData["refreshToken"], "")
+	assert.Equal(t, cookieData["idRefreshTokenFromCookie"], "")
+	assert.Equal(t, cookieData["idRefreshTokenFromHeader"], "remove")
+}

test/unittesting/testingutils.go

@@ -190,6 +190,7 @@ func ExtractInfoFromResponse(res *http.Response) map[string]string {
 	var refreshTokenDomain string
 	var refreshTokenHttpOnly = "false"
 	var idRefreshTokenFromCookie string
+	var idRefreshTokenFromHeader string
 	var idRefreshTokenExpiry string
 	var idRefreshTokenDomain string
 	var idRefreshTokenHttpOnly = "false"
@@ -252,20 +253,26 @@ func ExtractInfoFromResponse(res *http.Response) map[string]string {
 			}
 		}
 	}
+	idRefreshTokenFromHeader = res.Header.Get("id-refresh-token")
+	antiCsrfVal := ""
+	if len(antiCsrf) > 0 {
+		antiCsrfVal = antiCsrf[0]
+	}
 	return map[string]string{
-		"antiCsrf":               antiCsrf[0],
-		"sAccessToken":           accessToken,
-		"sRefreshToken":          refreshToken,
-		"sIdRefreshToken":        idRefreshTokenFromCookie,
-		"refreshTokenExpiry":     refreshTokenExpiry,
-		"refreshTokenDomain":     refreshTokenDomain,
-		"refreshTokenHttpOnly":   refreshTokenHttpOnly,
-		"idRefreshTokenExpiry":   idRefreshTokenExpiry,
-		"idRefreshTokenDomain":   idRefreshTokenDomain,
-		"idRefreshTokenHttpOnly": idRefreshTokenHttpOnly,
-		"accessTokenExpiry":      accessTokenExpiry,
-		"accessTokenDomain":      accessTokenDomain,
-		"accessTokenHttpOnly":    accessTokenHttpOnly,
+		"antiCsrf":                 antiCsrfVal,
+		"sAccessToken":             accessToken,
+		"sRefreshToken":            refreshToken,
+		"sIdRefreshToken":          idRefreshTokenFromCookie,
+		"refreshTokenExpiry":       refreshTokenExpiry,
+		"refreshTokenDomain":       refreshTokenDomain,
+		"refreshTokenHttpOnly":     refreshTokenHttpOnly,
+		"idRefreshTokenExpiry":     idRefreshTokenExpiry,
+		"idRefreshTokenFromHeader": idRefreshTokenFromHeader,
+		"idRefreshTokenDomain":     idRefreshTokenDomain,
+		"idRefreshTokenHttpOnly":   idRefreshTokenHttpOnly,
+		"accessTokenExpiry":        accessTokenExpiry,
+		"accessTokenDomain":        accessTokenDomain,
+		"accessTokenHttpOnly":      accessTokenHttpOnly,
 	}
 }