marcel/familienarchiv
1
0
Fork 0
Code Issues 118 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix(auth): guard revokeOtherSessions/revokeAllSessions against null sessionRepository

Browse Source 
Addresses Nora (blocker 1) and Felix (suggestion): both revocation methods
now return 0 immediately when sessionRepository is unavailable (non-web
test contexts where JdbcHttpSessionAutoConfiguration does not fire).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-18 13:27:29 +02:00
committed by marcel
parent 78fd9e026e
commit 956387471d
2 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
backend/src/test/java/org/raddatz/familienarchiv/auth/AuthServiceTest.java
View File

@@ -214,4 +214,24 @@ class AuthServiceTest {
verify(sessionRepository).deleteById("session-1");
verify(sessionRepository).deleteById("session-2");
}
// ─── null-guard when sessionRepository is unavailable ────────────────────
@Test
void revokeAllSessions_returns_zero_when_sessionRepository_is_null() {
ReflectionTestUtils.setField(authService, "sessionRepository", null);
int count = authService.revokeAllSessions("user@test.de");
assertThat(count).isEqualTo(0);
}
@Test
void revokeOtherSessions_returns_zero_when_sessionRepository_is_null() {
ReflectionTestUtils.setField(authService, "sessionRepository", null);
int count = authService.revokeOtherSessions("session-keep", "user@test.de");
assertThat(count).isEqualTo(0);
}
}