makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3040 from nickvergessen/ticket/13138-asc

Browse source 
[3.1] Ticket/13138 Only use cookie data when we do not force a user_id

Conflicts:
	phpBB/phpbb/session.php
This commit is contained in:
Joas Schilling 2014-10-20 22:19:25 +02:00
commit 75b6545bc2
3 changed files with 26 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
tests/session/session_key_test.php
View file

@ -11,6 +11,7 @@
* *
*/ */
require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_login_keys_test extends phpbb_session_test_case class phpbb_session_login_keys_test extends phpbb_session_test_case
@ -28,13 +29,14 @@ class phpbb_session_login_keys_test extends phpbb_session_test_case
// With AutoLogin setup // With AutoLogin setup
$this->session_factory->merge_config_data(array('allow_autologin' => true)); $this->session_factory->merge_config_data(array('allow_autologin' => true));
$session = $this->session_factory->get_session($this->db); $session = $this->session_factory->get_session($this->db);
// Using a user_id and key that is already in the database // Using a user_id and key that is already in the database
$session->cookie_data['u'] = $this->user_id; $session->cookie_data['u'] = $this->user_id;
$session->cookie_data['k'] = $this->key_id; $session->cookie_data['k'] = $this->key_id;
// Try to access session
$session->session_create($this->user_id, false, $this->user_id);
$this->assertEquals($this->user_id, $session->data['user_id'], "session should automatically login"); // Try to access session with the session key
$session->session_create(false, false, false);
$this->assertEquals($this->user_id, $session->data['user_id'], 'User should be logged in by the session key');
} }
public function test_reset_keys() public function test_reset_keys()
@ -42,14 +44,19 @@ class phpbb_session_login_keys_test extends phpbb_session_test_case
// With AutoLogin setup // With AutoLogin setup
$this->session_factory->merge_config_data(array('allow_autologin' => true)); $this->session_factory->merge_config_data(array('allow_autologin' => true));
$session = $this->session_factory->get_session($this->db); $session = $this->session_factory->get_session($this->db);
// Reset of the keys for this user // Reset of the keys for this user
$session->reset_login_keys($this->user_id); $session->reset_login_keys($this->user_id);
// Using a user_id and key that was in the database (before reset) // Using a user_id and key that was in the database (before reset)
$session->cookie_data['u'] = $this->user_id; $session->cookie_data['u'] = $this->user_id;
$session->cookie_data['k'] = $this->key_id; $session->cookie_data['k'] = $this->key_id;
// Try to access session
$session->session_create($this->user_id, false, $this->user_id);
$this->assertNotEquals($this->user_id, $session->data['user_id'], "session should be cleared"); // Try to access session with the session key
$session->session_create(false, false, $this->user_id);
$this->assertNotEquals($this->user_id, $session->data['user_id'], 'User is not logged in because the session key is invalid');
$session->session_create($this->user_id, false, false);
$this->assertEquals($this->user_id, $session->data['user_id'], 'User should be logged in because we create a new session');
} }
} }

5
tests/test_framework/phpbb_session_test_case.php
View file

@ -16,8 +16,13 @@ require_once dirname(__FILE__) . '/../session/testable_facade.php';
abstract class phpbb_session_test_case extends phpbb_database_test_case abstract class phpbb_session_test_case extends phpbb_database_test_case
{ {
/** @var phpbb_session_testable_factory */
protected $session_factory; protected $session_factory;
/** @var phpbb_session_testable_facade */
protected $session_facade; protected $session_facade;
/** @var \phpbb\db\driver\driver_interface */
protected $db; protected $db;
function setUp() function setUp()