store only user id in session in order to avoid invalidating all sessions when user model changes

commafeed-server/src/test/java/com/commafeed/frontend/auth/SecurityCheckFactoryTest.java

@@ -5,6 +5,7 @@ import java.util.Optional;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 
+import com.commafeed.backend.dao.UserDAO;
 import com.commafeed.backend.model.User;
 import com.commafeed.backend.service.UserService;
 import com.commafeed.backend.service.internal.PostLoginActivities;
@@ -15,15 +16,17 @@ class SecurityCheckFactoryTest {
 	@Test
 	void cookieLoginShouldPerformPostLoginActivities() {
 		User userInSession = new User();
+		UserDAO userDAO = Mockito.mock(UserDAO.class);
+		Mockito.when(userDAO.findById(1L)).thenReturn(userInSession);
 
 		SessionHelper sessionHelper = Mockito.mock(SessionHelper.class);
-		Mockito.when(sessionHelper.getLoggedInUser()).thenReturn(Optional.of(userInSession));
+		Mockito.when(sessionHelper.getLoggedInUserId()).thenReturn(Optional.of(1L));
 
 		PostLoginActivities postLoginActivities = Mockito.mock(PostLoginActivities.class);
 
 		UserService service = new UserService(null, null, null, null, null, null, null, postLoginActivities);
 
-		SecurityCheckFactory factory = new SecurityCheckFactory(service, null, null, false);
+		SecurityCheckFactory factory = new SecurityCheckFactory(userDAO, service, null, null, false);
 		factory.cookieSessionLogin(sessionHelper);
 
 		Mockito.verify(postLoginActivities).executeFor(userInSession);

commafeed-server/src/test/java/com/commafeed/frontend/session/SessionHelperTest.java

@@ -13,14 +13,12 @@ import jakarta.servlet.http.HttpSession;
 
 class SessionHelperTest {
 
-	private static final String SESSION_KEY_USER = "user";
-
 	@Test
 	void gettingUserDoesNotCreateSession() {
 		HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
 
 		SessionHelper sessionHelper = new SessionHelper(request);
-		sessionHelper.getLoggedInUser();
+		sessionHelper.getLoggedInUserId();
 
 		Mockito.verify(request).getSession(false);
 	}
@@ -31,23 +29,23 @@ class SessionHelperTest {
 		Mockito.when(request.getSession(false)).thenReturn(null);
 
 		SessionHelper sessionHelper = new SessionHelper(request);
-		Optional<User> user = sessionHelper.getLoggedInUser();
+		Optional<Long> userId = sessionHelper.getLoggedInUserId();
 
-		Assertions.assertFalse(user.isPresent());
+		Assertions.assertFalse(userId.isPresent());
 	}
 
 	@Test
 	void gettingUserShouldNotReturnUserIfUserNotPresentInHttpSession() {
 		HttpSession session = Mockito.mock(HttpSession.class);
-		Mockito.when(session.getAttribute(SESSION_KEY_USER)).thenReturn(null);
+		Mockito.when(session.getAttribute(SessionHelper.SESSION_KEY_USER_ID)).thenReturn(null);
 
 		HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
 		Mockito.when(request.getSession(false)).thenReturn(session);
 
 		SessionHelper sessionHelper = new SessionHelper(request);
-		Optional<User> user = sessionHelper.getLoggedInUser();
+		Optional<Long> userId = sessionHelper.getLoggedInUserId();
 
-		Assertions.assertFalse(user.isPresent());
+		Assertions.assertFalse(userId.isPresent());
 	}
 
 	@Test
@@ -55,16 +53,15 @@ class SessionHelperTest {
 		User userInSession = new User();
 
 		HttpSession session = Mockito.mock(HttpSession.class);
-		Mockito.when(session.getAttribute(SESSION_KEY_USER)).thenReturn(userInSession);
+		Mockito.when(session.getAttribute(SessionHelper.SESSION_KEY_USER_ID)).thenReturn(1L);
 
 		HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
 		Mockito.when(request.getSession(false)).thenReturn(session);
 
 		SessionHelper sessionHelper = new SessionHelper(request);
-		Optional<User> user = sessionHelper.getLoggedInUser();
+		Optional<Long> userId = sessionHelper.getLoggedInUserId();
 
-		Assertions.assertTrue(user.isPresent());
-		Assertions.assertEquals(userInSession, user.get());
+		Assertions.assertTrue(userId.isPresent());
 	}
 
 }