From 7b29a1e4859a4f2537ffc47c10c00ec7030cc87f Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Tue, 27 Apr 2021 14:52:42 +0200
Subject: [PATCH] stages/user_login: add tests for explicit session length

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/stages/user_login/tests.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py
index 98da7ab45..33c921e17 100644
--- a/authentik/stages/user_login/tests.py
+++ b/authentik/stages/user_login/tests.py
@@ -1,4 +1,5 @@
 """login tests"""
+from time import sleep
 from unittest.mock import patch
 
 from django.test import Client, TestCase
@@ -51,6 +52,31 @@ class TestUserLoginStage(TestCase):
             {"to": reverse("authentik_core:root-redirect"), "type": "redirect"},
         )
 
+    def test_expiry(self):
+        """Test with expiry"""
+        self.stage.session_duration = "seconds=2"
+        self.stage.save()
+        plan = FlowPlan(
+            flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+        )
+        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertJSONEqual(
+            force_str(response.content),
+            {"to": reverse("authentik_core:root-redirect"), "type": "redirect"},
+        )
+        self.assertNotEqual(list(self.client.session.keys()), [])
+        sleep(3)
+        self.client.session.clear_expired()
+        self.assertEqual(list(self.client.session.keys()), [])
+
     @patch(
         "authentik.flows.views.to_stage_response",
         TO_STAGE_RESPONSE_MOCK,