diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 234842b550..cf8ea1877e 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -593,15 +593,15 @@ class session } else if (!$bot) { - $provider_collection = $phpbb_container->get('auth.provider_collection'); - $provider = $provider_collection->get_provider(); - $this->data = $provider->autologin(); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $provider = $provider_collection->get_provider(); + $this->data = $provider->autologin(); - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; + } // If we're presented with an autologin key we'll join against it. // Else if we've been passed a user_id we'll grab data based on that diff --git a/tests/session/session_key_test.php b/tests/session/session_key_test.php index 31a470615c..bf3dfcaa3c 100644 --- a/tests/session/session_key_test.php +++ b/tests/session/session_key_test.php @@ -11,6 +11,7 @@ * */ +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; class phpbb_session_login_keys_test extends phpbb_session_test_case @@ -28,13 +29,14 @@ class phpbb_session_login_keys_test extends phpbb_session_test_case // With AutoLogin setup $this->session_factory->merge_config_data(array('allow_autologin' => true)); $session = $this->session_factory->get_session($this->db); + // Using a user_id and key that is already in the database $session->cookie_data['u'] = $this->user_id; $session->cookie_data['k'] = $this->key_id; - // Try to access session - $session->session_create($this->user_id, false, $this->user_id); - $this->assertEquals($this->user_id, $session->data['user_id'], "session should automatically login"); + // Try to access session with the session key + $session->session_create(false, false, false); + $this->assertEquals($this->user_id, $session->data['user_id'], 'User should be logged in by the session key'); } public function test_reset_keys() @@ -42,14 +44,19 @@ class phpbb_session_login_keys_test extends phpbb_session_test_case // With AutoLogin setup $this->session_factory->merge_config_data(array('allow_autologin' => true)); $session = $this->session_factory->get_session($this->db); + // Reset of the keys for this user $session->reset_login_keys($this->user_id); + // Using a user_id and key that was in the database (before reset) $session->cookie_data['u'] = $this->user_id; $session->cookie_data['k'] = $this->key_id; - // Try to access session - $session->session_create($this->user_id, false, $this->user_id); - $this->assertNotEquals($this->user_id, $session->data['user_id'], "session should be cleared"); + // Try to access session with the session key + $session->session_create(false, false, $this->user_id); + $this->assertNotEquals($this->user_id, $session->data['user_id'], 'User is not logged in because the session key is invalid'); + + $session->session_create($this->user_id, false, false); + $this->assertEquals($this->user_id, $session->data['user_id'], 'User should be logged in because we create a new session'); } } diff --git a/tests/test_framework/phpbb_session_test_case.php b/tests/test_framework/phpbb_session_test_case.php index d4fc174a12..efad4d5166 100644 --- a/tests/test_framework/phpbb_session_test_case.php +++ b/tests/test_framework/phpbb_session_test_case.php @@ -16,8 +16,13 @@ require_once dirname(__FILE__) . '/../session/testable_facade.php'; abstract class phpbb_session_test_case extends phpbb_database_test_case { + /** @var phpbb_session_testable_factory */ protected $session_factory; + + /** @var phpbb_session_testable_facade */ protected $session_facade; + + /** @var \phpbb\db\driver\driver_interface */ protected $db; function setUp()