chore(tests): cleanup sessionToken endpoints and docs, r=@philbooth, @rfk

Author: vbudhram

db-server/index.js

@@ -117,13 +117,12 @@ function createServer(db) {
   api.del('/sessionToken/:id', withIdAndBody(db.deleteSessionToken))
   api.put('/sessionToken/:id', withIdAndBody(db.createSessionToken))
   api.post('/sessionToken/:id/update', withIdAndBody(db.updateSessionToken))
-  api.get('/sessionToken/:id/device', withIdAndBody(db.sessionWithDevice))
+  api.get('/sessionToken/:id/device', withIdAndBody(db.sessionToken))
 
   api.get('/keyFetchToken/:id', withIdAndBody(db.keyFetchToken))
   api.del('/keyFetchToken/:id', withIdAndBody(db.deleteKeyFetchToken))
   api.put('/keyFetchToken/:id', withIdAndBody(db.createKeyFetchToken))
 
-  api.get('/sessionToken/:id/verified', withIdAndBody(db.sessionTokenWithVerificationStatus))
   api.get('/keyFetchToken/:id/verified', withIdAndBody(db.keyFetchTokenWithVerificationStatus))
   api.post('/tokens/:id/verify', withIdAndBody(db.verifyTokens))
   api.post('/tokens/:code/verifyCode', withParamsAndBody(db.verifyTokenCode))

db-server/test/backend/db_tests.js

@@ -353,21 +353,21 @@ module.exports = function (config, DB) {
             assert.deepEqual(token.emailCode, accountData.emailCode, 'token emailCode same as account emailCode')
             assert.equal(token.verifierSetAt, accountData.verifierSetAt, 'verifierSetAt is correct')
             assert.equal(token.accountCreatedAt, accountData.createdAt, 'accountCreatedAt is correct')
-            assert.equal(token.mustVerify, undefined, 'mustVerify is undefined')
-            assert.equal(token.tokenVerificationId, undefined, 'tokenVerificationId is undefined')
+            assert.equal(!! token.mustVerify, !! sessionTokenData.mustVerify, 'mustVerify is set')
+            assert.deepEqual(token.tokenVerificationId, sessionTokenData.tokenVerificationId, 'tokenVerificationId is set')
           })
       })
 
       it('should update mustVerify to true, but not to false', () => {
-        return db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)
+        return db.sessionToken(sessionTokenData.tokenId)
           .then((token) => {
             assert.equal(token.mustVerify, false, 'mustVerify starts out as false')
             assert.equal(token.uaBrowser, 'mock browser', 'other fields have their default values')
             return db.updateSessionToken(sessionTokenData.tokenId, { mustVerify: true })
           })
           .then((result) => {
             assert.deepEqual(result, {}, 'Returned an empty object on session token update')
-            return db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)
+            return db.sessionToken(sessionTokenData.tokenId)
           })
           .then((token) => {
             assert.equal(token.mustVerify, true, 'mustVerify was correctly updated to true')
@@ -376,7 +376,7 @@ module.exports = function (config, DB) {
           })
           .then((result) => {
             assert.deepEqual(result, {}, 'Returned an empty object on session token update')
-            return db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)
+            return db.sessionToken(sessionTokenData.tokenId)
           })
           .then((token) => {
             assert.equal(token.mustVerify, true, 'mustVerify was not reset back to false')
@@ -385,7 +385,7 @@ module.exports = function (config, DB) {
       })
 
       it('should get verification state', () => {
-        return db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)
+        return db.sessionToken(sessionTokenData.tokenId)
           .then((token) => {
             assert.deepEqual(token.tokenData, sessionTokenData.data, 'token data matches')
             assert.deepEqual(token.uid, accountData.uid, 'token belongs to this account')
@@ -415,7 +415,7 @@ module.exports = function (config, DB) {
             assert.equal(err.errno, 116, 'err.errno is correct')
             assert.equal(err.code, 404, 'err.code is correct')
 
-            return db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)
+            return db.sessionToken(sessionTokenData.tokenId)
           })
           .then((token) => {
             assert.equal(!! token.mustVerify, !! sessionTokenData.mustVerify, 'mustVerify is correct')
@@ -429,7 +429,7 @@ module.exports = function (config, DB) {
             assert.equal(err.errno, 116, 'err.errno is correct')
             assert.equal(err.code, 404, 'err.code is correct')
 
-            return db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)
+            return db.sessionToken(sessionTokenData.tokenId)
           })
           .then((token) => {
             assert.equal(!! token.mustVerify, !! sessionTokenData.mustVerify, 'mustVerify is correct')
@@ -440,7 +440,7 @@ module.exports = function (config, DB) {
       it('should verify session token', () => {
         return db.verifyTokens(sessionTokenData.tokenVerificationId, accountData)
           .then(() => {
-            return db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)
+            return db.sessionToken(sessionTokenData.tokenId)
           }, assert.fail)
           .then((token) => {
             assert.equal(token.mustVerify, null, 'mustVerify is null')
@@ -887,7 +887,7 @@ module.exports = function (config, DB) {
       })
 
       it('should have created device', () => {
-        return db.sessionWithDevice(sessionTokenData.tokenId)
+        return db.sessionToken(sessionTokenData.tokenId)
           .then((s) => {
             assert.deepEqual(s.deviceId, deviceInfo.deviceId, 'id')
             assert.deepEqual(s.uid, sessionTokenData.uid, 'uid')
@@ -1714,15 +1714,13 @@ module.exports = function (config, DB) {
             sessionTokenData = makeMockSessionToken(account.uid)
             return db.createSessionToken(sessionTokenData.tokenId, sessionTokenData)
               .then(() => {
-                return P.all([db.sessionToken(sessionTokenData.tokenId), db.sessionTokenWithVerificationStatus(sessionTokenData.tokenId)])
+                return db.sessionToken(sessionTokenData.tokenId)
               })
           })
-          .then((res) => {
-            res.forEach((session) => {
-              assert.equal(session.email, secondEmail.email, 'should equal new primary email')
-              assert.deepEqual(session.emailCode, secondEmail.emailCode, 'should equal new primary emailCode')
-              assert.deepEqual(session.uid, account.uid, 'should equal account uid')
-            })
+          .then((session) => {
+            assert.equal(session.email, secondEmail.email, 'should equal new primary email')
+            assert.deepEqual(session.emailCode, secondEmail.emailCode, 'should equal new primary emailCode')
+            assert.deepEqual(session.uid, account.uid, 'should equal account uid')
             return P.all([db.accountRecord(secondEmail.email), db.accountRecord(account.email)])
           })
           .then((res) => {
@@ -1748,20 +1746,18 @@ module.exports = function (config, DB) {
         tokenVerificationCode = sessionToken.tokenVerificationCode
         return db.createSessionToken(tokenId, sessionToken)
           .then(() => {
-            return db.sessionTokenWithVerificationStatus(tokenId)
+            return db.sessionToken(tokenId)
           })
           .then((session) => {
             // Returns unverified session
             assert.equal(session.mustVerify, sessionToken.mustVerify, 'mustVerify must match sessionToken')
             assert.equal(session.tokenVerificationId.toString('hex'), sessionToken.tokenVerificationId.toString('hex'), 'tokenVerificationId must match sessionToken')
-            assert.ok(session.tokenVerificationCodeHash, 'tokenVerificationCodeHash exists')
-            assert.equal(session.tokenVerificationCodeExpiresAt, sessionToken.tokenVerificationCodeExpiresAt, 'tokenVerificationCodeExpiresAt must match sessionToken')
 
             // Verify the session
             return db.verifyTokenCode({code: tokenVerificationCode}, account)
           })
           .then(() => {
-            return db.sessionTokenWithVerificationStatus(tokenId)
+            return db.sessionToken(tokenId)
           })
           .then((session) => {
             // Returns verified session

db-server/test/backend/remote.js

@@ -324,14 +324,6 @@ module.exports = function(cfg, makeServer) {
           }, function(err) {
             testNotFound(err)
 
-            // Attempt to fetch a non-existent session token with its verification state
-            return client.getThen('/sessionToken/' + user.sessionTokenId + '/verified')
-          })
-          .then(function(r) {
-            assert(false, 'A non-existent session token should not have returned anything')
-          }, function(err) {
-            testNotFound(err)
-
             // Create a session token
             return client.putThen('/sessionToken/' + user.sessionTokenId, user.sessionToken)
           })
@@ -364,31 +356,6 @@ module.exports = function(cfg, makeServer) {
           .then(function(r) {
             var token = r.obj
 
-            assert.deepEqual(token.tokenData, user.sessionToken.data, 'token data matches')
-            assert.deepEqual(token.uid, user.accountId, 'token belongs to this account')
-            assert.equal(token.createdAt, user.sessionToken.createdAt, 'createdAt matches')
-            assert.equal(token.uaBrowser, user.sessionToken.uaBrowser, 'uaBrowser matches')
-            assert.equal(token.uaBrowserVersion, user.sessionToken.uaBrowserVersion, 'uaBrowserVersion matches')
-            assert.equal(token.uaOS, user.sessionToken.uaOS, 'uaOS matches')
-            assert.equal(token.uaOSVersion, user.sessionToken.uaOSVersion, 'uaOSVersion matches')
-            assert.equal(token.uaDeviceType, user.sessionToken.uaDeviceType, 'uaDeviceType matches')
-            assert.equal(token.uaFormFactor, user.sessionToken.uaFormFactor, 'uaFormFactor matches')
-            assert.equal(token.lastAccessTime, token.createdAt, 'lastAccessTime was set')
-            assert.equal(token.authAt, token.createdAt, 'authAt was set to default')
-            assert.equal(!! token.emailVerified, user.account.emailVerified, 'emailVerified same as account emailVerified')
-            assert.equal(token.email, user.account.email, 'token.email same as account email')
-            assert.deepEqual(token.emailCode, user.account.emailCode, 'token emailCode same as account emailCode')
-            assert(token.verifierSetAt, 'verifierSetAt is set to a truthy value')
-            assert(token.accountCreatedAt > 0, 'accountCreatedAt is positive number')
-            assert.equal(token.mustVerify, undefined, 'mustVerify is undefined')
-            assert.equal(token.tokenVerificationId, undefined, 'tokenVerificationId is undefined')
-
-            // Fetch the session token with its verification state
-            return client.getThen('/sessionToken/' + user.sessionTokenId + '/verified')
-          })
-          .then(function(r) {
-            var token = r.obj
-
             assert.deepEqual(token.tokenData, user.sessionToken.data, 'token data matches')
             assert.deepEqual(token.uid, user.accountId, 'token belongs to this account')
             assert.equal(token.createdAt, user.sessionToken.createdAt, 'createdAt matches')
@@ -420,31 +387,6 @@ module.exports = function(cfg, makeServer) {
           .then(function(r) {
             var token = r.obj
 
-            assert.deepEqual(token.tokenData, verifiedUser.sessionToken.data, 'token data matches')
-            assert.deepEqual(token.uid, verifiedUser.accountId, 'token belongs to this account')
-            assert.equal(token.createdAt, verifiedUser.sessionToken.createdAt, 'createdAt matches')
-            assert.equal(token.uaBrowser, verifiedUser.sessionToken.uaBrowser, 'uaBrowser matches')
-            assert.equal(token.uaBrowserVersion, verifiedUser.sessionToken.uaBrowserVersion, 'uaBrowserVersion matches')
-            assert.equal(token.uaOS, verifiedUser.sessionToken.uaOS, 'uaOS matches')
-            assert.equal(token.uaOSVersion, verifiedUser.sessionToken.uaOSVersion, 'uaOSVersion matches')
-            assert.equal(token.uaDeviceType, verifiedUser.sessionToken.uaDeviceType, 'uaDeviceType matches')
-            assert.equal(token.uaFormFactor, verifiedUser.sessionToken.uaFormFactor, 'uaFormFactor matches')
-            assert.equal(token.lastAccessTime, token.createdAt, 'lastAccessTime was set')
-            assert.equal(token.authAt, token.createdAt, 'authAt was set to default')
-            assert.equal(!! token.emailVerified, verifiedUser.account.emailVerified, 'emailVerified same as account emailVerified')
-            assert.equal(token.email, verifiedUser.account.email, 'token.email same as account email')
-            assert.deepEqual(token.emailCode, verifiedUser.account.emailCode, 'token emailCode same as account emailCode')
-            assert(token.verifierSetAt, 'verifierSetAt is set to a truthy value')
-            assert(token.accountCreatedAt > 0, 'accountCreatedAt is positive number')
-            assert.equal(token.mustVerify, undefined, 'mustVerify is undefined')
-            assert.equal(token.tokenVerificationId, undefined, 'tokenVerificationId is undefined')
-
-            // Fetch the verified session token with its verification state
-            return client.getThen('/sessionToken/' + verifiedUser.sessionTokenId + '/verified')
-          })
-          .then(function(r) {
-            var token = r.obj
-
             assert.deepEqual(token.tokenData, verifiedUser.sessionToken.data, 'token data matches')
             assert.deepEqual(token.uid, verifiedUser.accountId, 'token belongs to this account')
             assert.equal(token.createdAt, verifiedUser.sessionToken.createdAt, 'createdAt matches')
@@ -493,13 +435,6 @@ module.exports = function(cfg, makeServer) {
             // Fetch the newly verified session token
             return client.getThen('/sessionToken/' + user.sessionTokenId)
           })
-          .then(function(r) {
-            assert.equal(r.obj.mustVerify, undefined, 'mustVerify is undefined')
-            assert.equal(r.obj.tokenVerificationId, undefined, 'tokenVerificationId is undefined')
-
-            // Fetch the newly verified session token with its verification state
-            return client.getThen('/sessionToken/' + user.sessionTokenId + '/verified')
-          })
           .then(function(r) {
             assert.equal(r.obj.mustVerify, null, 'mustVerify is null')
             assert.equal(r.obj.tokenVerificationId, null, 'tokenVerificationId is null')
@@ -1571,21 +1506,18 @@ module.exports = function(cfg, makeServer) {
             .spread((sessionToken, keyFetchToken) => {
               respOkEmpty(sessionToken)
               respOkEmpty(keyFetchToken)
-              return client.getThen('/sessionToken/' + user.sessionTokenId + '/verified')
+              return client.getThen('/sessionToken/' + user.sessionTokenId)
             })
             .then((r) => {
               respOk(r)
-              const result = r.obj
-              assert.ok(result.tokenVerificationCodeHash, 'tokenVerificationCodeHash exists')
-              assert.equal(result.tokenVerificationCodeExpiresAt, user.sessionToken.tokenVerificationCodeExpiresAt, 'tokenVerificationCodeExpiresAt set')
               return client.postThen('/tokens/' + user.sessionToken.tokenVerificationCode + '/verifyCode', {
                 uid: user.accountId
               })
             })
             .then((r) => {
               respOk(r)
               return P.all([
-                client.getThen('/sessionToken/' + user.sessionTokenId + '/verified'),
+                client.getThen('/sessionToken/' + user.sessionTokenId),
                 client.getThen('/keyFetchToken/' + user.keyFetchTokenId + '/verified'),
               ])
             })

docs/API.md

@@ -67,7 +67,6 @@ The following datatypes are used throughout this document:
     * deleteDevice              : `DELETE /account/:id/device/:deviceId`
 * Session Tokens:
     * sessionToken              : `GET /sessionToken/:id`
-    * sessionTokenWithVerificationStatus : `GET /sessionToken/:id/verified`
     * sessionWithDevice         : `GET /sessionToken/:id/device`
     * deleteSessionToken        : `DELETE /sessionToken/:id`
     * createSessionToken        : `PUT /sessionToken/:id`
@@ -884,51 +883,6 @@ HTTP/1.1 200 OK
 Content-Type: application/json
 Content-Length: 285
 
-{
-    "data":"e2c3a8f73e826b9176e54e0f6ecb34b60b1e1979d254638f6b61d721c069d576",
-    "uid":"6044486dd15b42e08b1fb9167415b9ac",
-    "createdAt":1425004396952,
-    "id":"522c251a1623e1f1db1f4fe68b9594d26772d6e77e04cb68e110c58600f97a77"
-}
-```
-
-* Status Code : 200 OK
-    * Content-Type : 'application/json'
-    * Body : `[ ... <see example> ...]`
-* Status Code : 404 Not Found
-    * Conditions: if this session `tokenId` doesn't exist
-    * Content-Type : 'application/json'
-    * Body : `{"message":"Not Found"}`
-* Status Code : 500 Internal Server Error
-    * Conditions: if something goes wrong on the server
-    * Content-Type : 'application/json'
-    * Body : `{"code":"InternalError","message":"...<message related to the error>..."}`
-
-## sessionTokenWithVerificationStatus : `GET /sessionToken/<tokenId>/verified`
-
-### Example
-
-```
-curl \
-    -v \
-    -X GET \
-    http://localhost:8000/sessionToken/522c251a1623e1f1db1f4fe68b9594d26772d6e77e04cb68e110c58600f97a77/verified
-```
-
-### Request
-
-* Method : GET
-* Path : `/sessionToken/<tokenId>/verified`
-    * tokenId : hex256
-* Params: none
-
-### Response
-
-```
-HTTP/1.1 200 OK
-Content-Type: application/json
-Content-Length: 285
-
 {
     "data":"e2c3a8f73e826b9176e54e0f6ecb34b60b1e1979d254638f6b61d721c069d576",
     "uid":"6044486dd15b42e08b1fb9167415b9ac",
@@ -946,6 +900,13 @@ Content-Length: 285
     "verifierSetAt":1460548810011,
     "locale":"en_US",
     "accountCreatedAt":1460548810011,
+    "deviceId":"eb87eb63c2063bf5fd35e83b535c123d073db9156e49b58bcbf543f9d35467f6",
+    "deviceName":"foo",
+    "deviceType":"mobile",
+    "deviceCreatedAt":1460548810011,
+    "deviceCallbackURL":null,
+    "deviceCallbackPublicKey":null,
+    "deviceCallbackIsExpired":false,
     "mustVerify":true,
     "tokenVerificationId":"12c41fac80fd6149f3f695e188b5f846"
 }
@@ -955,7 +916,7 @@ Content-Length: 285
     * Content-Type : 'application/json'
     * Body : `[ ... <see example> ...]`
 * Status Code : 404 Not Found
-    * Conditions: if the sessionToken `tokenId` doesn't exist
+    * Conditions: if this session `tokenId` doesn't exist
     * Content-Type : 'application/json'
     * Body : `{"message":"Not Found"}`
 * Status Code : 500 Internal Server Error