Example #1
 /**
  * getSession() must return false when the password encoder rejects the
  * browser fingerprint checked against the nonce of the stored session.
  *
  * The encoder mock is expected to be called exactly once with
  * 'Firefox_Linux' (the values handed out by the browser mock) and the
  * session nonce, and it answers false.
  *
  * @covers Alchemy\Phrasea\Authentication\PersistentCookie\Manager::getSession
  */
 public function testGetSessionReturnFalse()
 {
     $passwordEncoder = $this->getPasswordEncoderMock();
     $browserMock = $this->getBrowserMock();
     $tokenValue = 'encrypted-persistent-value';

     // The manager is expected to query browser name and platform once each.
     $browserMock->expects($this->once())
         ->method('getBrowser')
         ->will($this->returnValue('Firefox'));
     $browserMock->expects($this->once())
         ->method('getPlatform')
         ->will($this->returnValue('Linux'));

     $storedSession = new Session();
     $storedSession->setNonce('prettyN0nce');

     // The repository lookup by token succeeds, so the only reason for the
     // false result asserted below is the encoder verdict.
     $sessionRepository = $this->getMockBuilder('Doctrine\\ORM\\EntityRepository')
         ->disableOriginalConstructor()
         ->getMock();
     $sessionRepository->expects($this->once())
         ->method('findOneBy')
         ->with($this->equalTo(['token' => $tokenValue]))
         ->will($this->returnValue($storedSession));

     $manager = new Manager($passwordEncoder, $sessionRepository, $browserMock);

     $passwordEncoder->expects($this->once())
         ->method('isPasswordValid')
         ->with($this->anything(), 'Firefox_Linux', 'prettyN0nce')
         ->will($this->returnValue(false));

     $result = $manager->getSession($tokenValue);
     $this->assertFalse($result);
 }
Example #2
 /**
  * Rebuilds the authenticated state from a session entity.
  *
  * The entity is looked up again in the 'repo.sessions' repository before
  * any state is touched, so a session that no longer exists there is refused
  * instead of being silently re-populated.
  *
  * @param Session $session
  *
  * @return Session the entity that was passed in
  *
  * @throws RuntimeException when the session is not found in the repository
  *                          or carries no user
  */
 public function refreshAccount(Session $session)
 {
     $persisted = $this->app['repo.sessions']->find($session->getId());
     if (!$persisted) {
         throw new RuntimeException('Unable to refresh the session, it does not exist anymore');
     }

     $user = $session->getUser();
     if (null === $user) {
         throw new RuntimeException('Unable to refresh the session');
     }

     // Drop whatever the current session holds before repopulating it.
     $this->session->clear();
     $this->populateSession($session);

     $grantedDataboxes = $this->app['acl']->get($user)->get_granted_sbas();
     foreach ($grantedDataboxes as $databox) {
         \cache_databox::insertClient($this->app, $databox);
     }

     $this->reinitUser();

     return $session;
 }
Example #3
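 /**
  * {@inheritdoc}
  *
  * Copies every row of the legacy `cache` table into a Session entity, plus
  * one SessionModule per entry of the row's serialized `app` column, and
  * flushes them through $app['EM']. Rows whose user cannot be loaded are
  * skipped.
  *
  * @return bool false when the legacy table cannot be read, true otherwise
  */
 public function apply(base $appbox, Application $app)
 {
     try {
         $sql = 'SELECT usr_id, user_agent, ip, platform, browser, app,
                     browser_version, screen, token, nonce, lastaccess, created_on
                 FROM cache';
         $stmt = $appbox->get_connection()->prepare($sql);
         $stmt->execute();
         $rs = $stmt->fetchAll(\PDO::FETCH_ASSOC);
         $stmt->closeCursor();
     } catch (DBALException $e) {
         // this may fail on oldest versions
         return false;
     }
     foreach ($rs as $row) {
         if (null === ($user = $this->loadUser($app['EM'], $row['usr_id']))) {
             continue;
         }
         $created = $updated = null;
         // createFromFormat() returns false on a malformed value; fall back to
         // null (the value already used for zero dates) instead of handing
         // false to the entity setters.
         if ('0000-00-00 00:00:00' !== $row['created_on']) {
             $created = \DateTime::createFromFormat('Y-m-d H:i:s', $row['created_on']) ?: null;
         }
         if ('0000-00-00 00:00:00' !== $row['lastaccess']) {
             $updated = \DateTime::createFromFormat('Y-m-d H:i:s', $row['lastaccess']) ?: null;
         }
         $session = new Session();
         $session->setUser($user)
             ->setUserAgent($row['user_agent'])
             ->setUpdated($updated)
             ->setToken($row['token'])
             ->setPlatform($row['platform'])
             ->setNonce($row['nonce'])
             ->setIpAddress($row['ip'])
             ->setCreated($created)
             ->setBrowserVersion($row['browser_version'])
             ->setBrowserName($row['browser']);
         $sizes = explode('x', $row['screen']);
         if (2 === count($sizes)) {
             $session->setScreenWidth($sizes[0])->setScreenHeight($sizes[1]);
         }
         // SECURITY: unserialize() on stored data can instantiate arbitrary
         // classes if a row of the legacy table was ever writable by an
         // untrusted party. On PHP >= 7.0 pass ['allowed_classes' => false]
         // as second argument; it is left out here because the option does
         // not exist on older runtimes.
         // The `@` is kept on purpose: a malformed value is a best-effort skip.
         $apps = @unserialize($row['app']);
         // Only a decoded array is a usable module list; any other decoded
         // value (scalar, null, object) is ignored rather than iterated.
         if (is_array($apps)) {
             foreach ($apps as $appli) {
                 $module = new SessionModule();
                 $module->setModuleId($appli)->setCreated($created)->setSession($session)->setUpdated($updated);
                 $session->addModule($module);
                 $app['EM']->persist($module);
             }
         }
         $app['EM']->persist($session);
     }
     $app['EM']->flush();
     return true;
 }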
 /**
  * isAuthenticated() must be true, and getUser() must return the fixture
  * user, when the HTTP session carries a usr_id and a session_id that the
  * entity manager resolves to a Session entity owned by that user.
  *
  * @covers Alchemy\Phrasea\Authentication\Authenticator::isAuthenticated
  */
 public function testIsAuthenticated()
 {
     $app = $this->loadApp();
     $fixtureUser = self::$DI['user'];

     $sessionEntity = new Session();
     $sessionEntity->setUser($fixtureUser);
     $sessionEntity->setUserAgent('');

     $browser = $this->getBrowserMock();
     $app['browser'] = $browser;
     $session = $this->getSessionMock();
     $app['session'] = $session;

     // Any lookup of session entity #1 yields the entity built above.
     $entityManager = $this->getEntityManagerMock();
     $app['EM'] = $entityManager;
     $entityManager->expects($this->any())
         ->method('find')
         ->with($this->equalTo('Phraseanet:Session'), $this->equalTo(1))
         ->will($this->returnValue($sessionEntity));

     // The user must be fetched exactly once, by id, through the repository
     // exposed by the user manipulator.
     $userRepository = $this->getMockBuilder('Alchemy\\Phrasea\\Model\\Repositories\\UserRepository')
         ->disableOriginalConstructor()
         ->getMock();
     $userRepository->expects($this->once())
         ->method('find')
         ->with($this->equalTo($fixtureUser->getId()))
         ->will($this->returnValue($fixtureUser));

     $userManipulator = $this->getMockBuilder('Alchemy\\Phrasea\\Model\\Manipulator\\UserManipulator')
         ->disableOriginalConstructor()
         ->getMock();
     $app['manipulator.user'] = $userManipulator;
     $userManipulator->expects($this->once())
         ->method('getRepository')
         ->will($this->returnValue($userRepository));

     $session->set('usr_id', $fixtureUser->getId());
     $session->set('session_id', 1);

     $authenticator = new Authenticator($app, $browser, $session, $entityManager);

     $this->assertTrue($authenticator->isAuthenticated());
     $this->assertEquals($fixtureUser, $authenticator->getUser());
 }
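 /**
  * Authenticates a user against the application.
  *
  * Clears the HTTP session, stores the user id in it, persists a fresh
  * Session entity for that user and records its id as 'session_id'.
  *
  * @param Application $app
  * @param User|null   $user user to authenticate; defaults to self::$DI['user']
  */
 protected function authenticate(Application $app, $user = null)
 {
     $user = $user ?: self::$DI['user'];
     $app['session']->clear();
     // Use the resolved $user: the previous body always wrote
     // self::$DI['user'], so an explicitly passed user was ignored and the
     // test ran under a different identity than the caller asked for.
     $app['session']->set('usr_id', $user->getId());
     $session = new Session();
     $session->setUser($user);
     $session->setUserAgent('');
     // Persistence and reinitUser() still go through the shared
     // self::$DI['app'] container, unchanged.
     self::$DI['app']['EM']->persist($session);
     self::$DI['app']['EM']->flush();
     $app['session']->set('session_id', $session->getId());
     self::$DI['app']['authentication']->reinitUser();
 }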
 /**
  * An authenticated XMLHttpRequest whose session was last updated an hour
  * ago, with the idle limit configured to 10, must close the account once
  * and get a client-error response carrying the x-phraseanet-end-session
  * header.
  */
 public function testEndSessionAuthenticatedWithOutdatedIdleXmlHttpRequest()
 {
     $app = new Application('test');
     $app['dispatcher']->addSubscriber(new SessionManagerSubscriber($app));

     // The authenticator reports an authenticated user and must be asked to
     // close the account exactly once.
     $authenticator = $this->getMockBuilder('Alchemy\\Phrasea\\Authentication\\Authenticator')
         ->disableOriginalConstructor()
         ->getMock();
     $app['authentication'] = $authenticator;
     $authenticator->expects($this->any())->method('isAuthenticated')->will($this->returnValue(true));
     $authenticator->expects($this->once())->method('closeAccount')->will($this->returnValue(null));

     // Stored session last touched one hour ago.
     $staleSession = new Session();
     $staleSession->setUpdated(new \DateTime('-1 hour'));

     $entityManager = $this->getMockBuilder('Doctrine\\ORM\\EntityManager')
         ->disableOriginalConstructor()
         ->getMock();
     $entityManager->expects($this->any())->method('persist')->will($this->returnValue(null));
     $entityManager->expects($this->any())->method('flush')->will($this->returnValue(null));
     $app['EM'] = $entityManager;

     $sessionRepository = $this->getMockBuilder('Doctrine\\Common\\Persistence\\ObjectRepository')->getMock();
     $sessionRepository->expects($this->once())->method('find')->will($this->returnValue($staleSession));
     $app['repo.sessions'] = $sessionRepository;

     $app['phraseanet.configuration']['session'] = ['idle' => 10, 'lifetime' => 60475];

     $emptyPage = function () {
         return '';
     };
     $app->get('/login', $emptyPage)->bind('homepage');
     $app->get('/prod', function () {
         return '';
     });

     $serverParameters = [
         'HTTP_ACCEPT' => 'application/json',
         'HTTP_X-Requested-With' => 'XMLHttpRequest',
     ];
     $client = new Client($app);
     $client->request('GET', '/prod', [], [], $serverParameters);

     $response = $client->getResponse();
     $this->assertTrue($response->isClientError());
     $this->assertNotNull($response->headers->get('x-phraseanet-end-session'));
 }
 /**
  * Authenticates a user against the application.
  *
  * Clears the HTTP session, stores the user id in it, persists a fresh
  * Session entity for that user through $app['orm.em'] and records its id
  * as 'session_id' before asking the authenticator to reinitialise.
  *
  * @param Application $app
  * @param User|null   $user user to authenticate; defaults to self::$DI['user']
  */
 protected function authenticate(Application $app, User $user = null)
 {
     /** @var User $user */
     if (!$user) {
         $user = self::$DI['user'];
     }

     $httpSession = $app['session'];
     $httpSession->clear();
     $httpSession->set('usr_id', $user->getId());

     $sessionEntity = new Session();
     $sessionEntity->setUser($user);
     $sessionEntity->setUserAgent('');

     $app['orm.em']->persist($sessionEntity);
     $app['orm.em']->flush();

     // The entity id is read only after the flush above.
     $app['session']->set('session_id', $sessionEntity->getId());
     $app->getAuthenticator()->reinitUser();
 }
 /**
  * {@inheritDoc}
  */
 public function hasModuleId($moduleId)
 {
     // When an initializer is set, invoke it with this object, the method
     // name and the call arguments before delegating to the parent.
     // NOTE(review): looks like a generated ORM proxy method; confirm before
     // editing by hand.
     if ($this->__initializer__) {
         $this->__initializer__->__invoke($this, 'hasModuleId', [$moduleId]);
     }

     return parent::hasModuleId($moduleId);
 }