Merge pull request #637 from dannycoates/i610

added /session/status endpoint
2014-03-20 15:25:23 -07:00 · 2014-03-20 15:25:23 -07:00 · 1a9c987c30
--- a/client/api.js
+++ b/client/api.js
@ -348,6 +348,19 @@ ClientApi.prototype.sessionDestroy = function (sessionTokenHex) {
    )
 }

+ClientApi.prototype.sessionStatus = function (sessionTokenHex) {
+  return tokens.SessionToken.fromHex(sessionTokenHex)
+    .then(
+      function (token) {
+        return this.doRequest(
+          'GET',
+          this.baseURL + '/session/status',
+          token
+        )
+      }.bind(this)
+    )
+}
+
 ClientApi.heartbeat = function (origin) {
  return (new ClientApi(origin)).doRequest('GET', origin + '/__heartbeat__')
 }
--- a/docs/api.md
+++ b/docs/api.md
@ -114,6 +114,7 @@ Since this is a HTTP-based protocol, clients should be prepared to gracefully ha
    * [POST /v1/account/login](#post-v1accountlogin)

 * Session
+    * [GET /v1/session/status (:lock: sessionToken)](#get-v1sessionstatus)
    * [POST /v1/session/destroy (:lock: sessionToken)](#post-v1sessiondestroy)

 * Recovery Email
@ -434,6 +435,44 @@ Failing requests may be due to the following errors:
 * status code 400, errno 120:  incorrect email case


+## GET /v1/session/status
+
+:lock: HAWK-authenticated with the sessionToken.
+
+The request will return a success response as long as the token is valid.
+
+### Request
+
+___Headers___
+
+The request must include a Hawk header that authenticates the request using a `sessionToken` received from `/v1/account/create` or `/v1/account/login`.
+
+```sh
+curl -v \
+-X GET \
+-H "Host: api-accounts.dev.lcip.org" \
+-H "Content-Type: application/json" \
+-H 'Authorization: Hawk id="d4c5b1e3f5791ef83896c27519979b93a45e6d0da34c7509c5632ac35b28b48d", ts="1373391043", nonce="ohQjqb", hash="vBODPWhDhiRWM4tmI9qp+np+3aoqEFzdGuGk0h7bh9w=", mac="LAnpP3P2PXelC6hUoUaHP72nCqY5Iibaa3eeiGBqIIU="' \
+https://api-accounts.dev.lcip.org/v1/session/status \
+```
+
+
+### Response
+
+Successful requests will produce a "200 OK" response with an empty JSON body object:
+
+```json
+{}
+```
+
+Failing requests may be due to the following errors:
+
+* status code 401, errno 109:  invalid request signature
+* status code 401, errno 110:  invalid authentication token
+* status code 401, errno 111:  invalid authentication timestamp
+* status code 401, errno 115:  invalid authentication nonce
+
+
 ## POST /v1/session/destroy

 :lock: HAWK-authenticated with the sessionToken.
--- a/routes/session.js
+++ b/routes/session.js
@ -24,6 +24,19 @@ module.exports = function (log, isA, error, db) {
            reply
          )
      }
+    },
+    {
+      method: 'GET',
+      path: '/session/status',
+      config: {
+        auth: {
+          strategy: 'sessionToken'
+        }
+      },
+      handler: function (request, reply) {
+        log.begin('Session.status', request)
+        reply({})
+      }
    }
  ]

--- a/test/remote/session_destroy_tests.js
+++ b/test/remote/session_destroy_tests.js
@ -51,6 +51,44 @@ TestServer.start(config)
    }
  )

+  test(
+    'session status with valid token',
+    function (t) {
+      var email = server.uniqueEmail()
+      var password = 'testx'
+      return Client.create(config.publicUrl, email, password)
+        .then(
+          function (c) {
+            return c.login()
+              .then(
+                function () {
+                  return c.api.sessionStatus(c.sessionToken)
+                }
+              )
+          }
+        )
+        .then(
+          function (x) {
+            t.deepEqual(x, {}, 'good status')
+          }
+        )
+    }
+  )
+
+  test(
+    'session status with invalid token',
+    function (t) {
+      var client = new Client(config.publicUrl)
+      return client.api.sessionStatus('0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF')
+        .then(
+          t.fail,
+          function (err) {
+            t.equal(err.errno, 110, 'invalid token')
+          }
+        )
+    }
+  )
+
  test(
    'teardown',
    function (t) {