From 0ec7a19149aaffbc879e446bb2a6cccaabd4b447 Mon Sep 17 00:00:00 2001
From: Zeke Gabrielse <ezekg@yahoo.com>
Date: Wed, 26 Feb 2025 16:27:31 -0600
Subject: [PATCH] add test for banned license

---
 features/api/v1/tokens/sessions.feature | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/features/api/v1/tokens/sessions.feature b/features/api/v1/tokens/sessions.feature
index 71b550e58..5af945a96 100644
--- a/features/api/v1/tokens/sessions.feature
+++ b/features/api/v1/tokens/sessions.feature
@@ -533,6 +533,16 @@ Feature: Token sessions
       }
       """
 
+  Scenario: License validates their key via session authentication (banned)
+    Given the current account is "test1"
+    And the current account has 1 banned "user"
+    And the current account has 1 "license" for the last "user" as "owner"
+    And I am a license of account "test1"
+    And I authenticate with a session
+    When I send a POST request to "/accounts/test1/licenses/$0/actions/validate"
+    And the response headers should contain "Set-Cookie" with an expired "session_id" cookie
+    Then the response status should be "403"
+
   # update
   Scenario: Product updates their license via session authentication
     Given the current account is "test1"