test(#707): preserve approval boundary during session GC
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
This commit is contained in:
@@ -103,7 +103,10 @@ describe('TESS-M1-SEC-001 command authorization abuse cases', () => {
|
|||||||
expect(denied.success).toBe(false);
|
expect(denied.success).toBe(false);
|
||||||
expect(denied.message).toContain('approval');
|
expect(denied.message).toContain('approval');
|
||||||
expect(approval).not.toBeNull();
|
expect(approval).not.toBeNull();
|
||||||
expect(approved.success).toBe(true);
|
// A valid durable approval is consumed, but cannot authorize an unimplemented
|
||||||
expect(sessionGc.sweepOrphans).toHaveBeenCalledOnce();
|
// global retention operation. Session-scoped cleanup remains lifecycle-only.
|
||||||
|
expect(approved.success).toBe(false);
|
||||||
|
expect(approved.message).toContain('Global GC is disabled');
|
||||||
|
expect(sessionGc.sweepOrphans).not.toHaveBeenCalled();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -65,6 +65,13 @@ describe('SessionGCService', () => {
|
|||||||
expect(result.cleaned.valkeyKeys).toBeUndefined();
|
expect(result.cleaned.valkeyKeys).toBeUndefined();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('collect() only scans its session namespace and cannot reach durable approvals', async () => {
|
||||||
|
await service.collect('abc');
|
||||||
|
|
||||||
|
expect(mockRedis.scan).toHaveBeenCalledWith('0', 'MATCH', 'mosaic:session:abc:*', 'COUNT', 100);
|
||||||
|
expect(mockRedis.del).not.toHaveBeenCalledWith(expect.stringContaining('command-approval'));
|
||||||
|
});
|
||||||
|
|
||||||
it('collect() returns sessionId in result', async () => {
|
it('collect() returns sessionId in result', async () => {
|
||||||
const result = await service.collect('test-session-id');
|
const result = await service.collect('test-session-id');
|
||||||
expect(result.sessionId).toBe('test-session-id');
|
expect(result.sessionId).toBe('test-session-id');
|
||||||
|
|||||||
Reference in New Issue
Block a user