Add more tests around terminating streaming connections (#38301)

2026-03-21 18:05:23 -05:00 · 2026-03-20 11:00:30 +01:00 · 2026-03-20 11:00:30 +01:00 · 8f9eba9629
commit 8f9eba9629
parent ccf6f16f05
3 changed files with 54 additions and 1 deletions
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -405,6 +405,31 @@ RSpec.describe User do
    end
  end

+  describe '#revoke_access!' do
+    subject(:user) { Fabricate(:user, disabled: false, current_sign_in_at: current_sign_in_at, last_sign_in_at: nil) }
+
+    let(:current_sign_in_at) { Time.zone.now }
+
+    let!(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id) }
+
+    let(:redis_pipeline_stub) { instance_double(Redis::PipelinedConnection, publish: nil) }
+
+    before do
+      allow(redis)
+        .to receive(:pipelined)
+        .and_yield(redis_pipeline_stub)
+    end
+
+    it 'revokes tokens' do
+      user.revoke_access!
+
+      expect(redis_pipeline_stub)
+        .to have_received(:publish).with("timeline:access_token:#{token.id}", { event: :kill }.to_json).once
+
+      expect(token.reload.revoked?).to be true
+    end
+  end
+
  describe '#enable!' do
    subject(:user) { Fabricate(:user, disabled: true) }

--- a/spec/system/auth/passwords_spec.rb
+++ b/spec/system/auth/passwords_spec.rb
@ -11,7 +11,14 @@ RSpec.describe 'Auth Passwords' do
  describe 'Resetting a password', :inline_jobs do
    let(:new_password) { 'New.Pass.123' }

-    before { allow(Devise).to receive(:pam_authentication).and_return(false) } # Avoid the "seamless external" path
+    before do
+      allow(Devise).to receive(:pam_authentication).and_return(false) # Avoid the "seamless external" path
+
+      # Disable wrapstodon to avoid redis calls that we don't want to stub
+      Setting.wrapstodon = false
+
+      allow(redis).to receive(:publish)
+    end

    it 'initiates reset, sends link, resets password from form, clears data' do
      visit new_user_password_path
@ -31,6 +38,10 @@ RSpec.describe 'Auth Passwords' do
        .to be_present
        .and be_valid_password(new_password)

+      # Disables the token associated with the session
+      expect(redis)
+        .to have_received(:publish).with("timeline:access_token:#{session_activation.access_token.id}", { event: :kill }.to_json).once
+
      # Deactivate session
      expect(user_session_count)
        .to eq(0)
--- a/spec/system/streaming/streaming_spec.rb
+++ b/spec/system/streaming/streaming_spec.rb
@ -75,6 +75,23 @@ RSpec.describe 'Streaming', :inline_jobs, :streaming do
    end
  end

+  context 'when destroying a session activation tied to the used token' do
+    let(:session_activation) { Fabricate(:session_activation, user: user) }
+    let(:token) { session_activation.access_token }
+
+    it 'disconnects the client' do
+      streaming_client.connect
+
+      expect(streaming_client.status).to eq(101)
+      expect(streaming_client.open?).to be(true)
+
+      session_activation.destroy!
+
+      expect(streaming_client.wait_for(:closed).code).to be(1000)
+      expect(streaming_client.open?).to be(false)
+    end
+  end
+
  context 'with a disabled user account' do
    before do
      user.disable!