/**
 * Logs the given user in by issuing a persistent-login cookie and remembering its token.
 *
 * A fresh token is created for the ID, written into a cookie together with the ID, handed
 * to the transceiver for sending, and finally registered in the login storage.
 *
 * @param mixed $id the ID (GID) of the user to log in
 */
public function login($id)
{
    $token = $this->createToken($id);

    // Expiry is relative to the current time; the final flag is passed as true so the
    // cookie is not readable from client-side script (presumably the HttpOnly attribute,
    // matching the getter order used by the cookie transceiver).
    $expires = time() + $this->duration;
    $cookie = new Cookie(
        $this->cookieName,
        $expires,
        $this->cookiePath,
        $this->cookieDomain,
        $this->cookieSecure,
        true
    );
    $cookie->setData(['gid' => $id, 'token' => $token]);

    $this->transceiver->send($cookie);
    $this->storage->addToken($id, $token);
}
/**
 * Provides test data for the receive test.
 *
 * Each dataset has the shape [cookie, sending transceiver, receiving transceiver, expected
 * success]. The first five cases reuse one transceiver instance for both directions and vary
 * only the cookie attributes; the remaining cases keep a plain cookie and vary the receiving
 * side (session ID, user GID, secret key, hash function, transceiver type).
 *
 * @return array the test data
 */
public function receiveProvider()
{
    $cryptoFactory = new CryptoFactory();
    $userGID = '58d93d649ffffffff5331ad0219ea200';

    // Builds a secure transceiver. Only the first hash function, the secret key, the
    // session ID and the optional trailing user-GID argument differ between cases; when a
    // case omits the GID it is not passed at all, so the constructor default applies.
    $secure = static function ($firstHash, $secretKey, $sessionId, ...$gidArgs) use ($cryptoFactory) {
        return new SecureCookieTransceiver(
            $cryptoFactory->getHashFunction($firstHash),
            $cryptoFactory->getHashFunction('Sha256'),
            $cryptoFactory->getSymmetricCypher('Aes256'),
            $secretKey,
            new GID(),
            $sessionId,
            ...$gidArgs
        );
    };

    $datasets = [];

    // Plain cookie with an explicit payload, same transceiver both ways: expected to work.
    $cookie = new Cookie('test1', 0, '/', null, false, false);
    $cookie->setData('hello world');
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $datasets[] = [$cookie, $sender, $sender, true];

    // HttpOnly-style flag set: still expected to work.
    $cookie = new Cookie('test2', 0, '/', null, false, true);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $datasets[] = [$cookie, $sender, $sender, true];

    // Path that does not match: expected to fail.
    $cookie = new Cookie('test3', 0, '/false', null, false, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $datasets[] = [$cookie, $sender, $sender, false];

    // Domain that does not match: expected to fail.
    $cookie = new Cookie('test', 0, '/', 'wrongdomain', false, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $datasets[] = [$cookie, $sender, $sender, false];

    // Secure flag set: expected to fail in the test environment.
    $cookie = new Cookie('test', 0, '/', null, true, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $datasets[] = [$cookie, $sender, $sender, false];

    // Sender and receiver bound to different session IDs: expected to fail.
    $cookie = new Cookie('test', 0, '/', null, false, false);
    $sender = $secure('Sha256', 'secret key', 'session id1', $userGID);
    $receiver = $secure('Sha256', 'secret key', 'session id2', $userGID);
    $datasets[] = [$cookie, $sender, $receiver, false];

    // Receiver without a user GID: expected to work.
    $cookie = new Cookie('test', 0, '/', null, false, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $receiver = $secure('Sha256', 'secret key', 'session id');
    $datasets[] = [$cookie, $sender, $receiver, true];

    // Receiver with a different user GID: expected to fail.
    $cookie = new Cookie('test27', 0, '/', null, false, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $receiver = $secure('Sha256', 'secret key', 'session id', 'wrong gid');
    $datasets[] = [$cookie, $sender, $receiver, false];

    // Receiver with a different secret key: expected to fail.
    $cookie = new Cookie('test', 0, '/', null, false, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $receiver = $secure('Sha256', 'secret key2', 'session id');
    $datasets[] = [$cookie, $sender, $receiver, false];

    // Receiver with a different first hash function: expected to fail.
    $cookie = new Cookie('test', 0, '/', null, false, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $receiver = $secure('Sha512', 'secret key', 'session id');
    $datasets[] = [$cookie, $sender, $receiver, false];

    // Receiving with the plain (non-secure) transceiver: expected to fail.
    $cookie = new Cookie('test', 0, '/', null, false, false);
    $sender = $secure('Sha256', 'secret key', 'session id', $userGID);
    $receiver = new DefaultCookieTransceiver();
    $datasets[] = [$cookie, $sender, $receiver, false];

    return $datasets;
}
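/**
 * Starts the session.
 *
 * This method reads the session ID from the session cookie and stores it into the session
 * variable.
 *
 * Additionally this method also loads all session data from the encrypted session storage.
 *
 * @throws SIDConflictException when a generated session ID (SID) already exists
 */
private function start()
{
    $requiresNewSession = false;
    $guest = false;

    // Prefer the user cookie; fall back to the guest cookie
    $cookie = $this->userCookieTransceiver->receive($this->cookieName);
    if ($cookie === null) {
        $cookie = $this->guestCookieTransceiver->receive($this->cookieName);
        $guest = ($cookie !== null);
    }

    if ($cookie === null) {
        // No cookie at all: a new session is required
        $requiresNewSession = true;
    } else {
        $sid = $cookie->getData();

        if (!$this->isValidSID($sid)) {
            // Malformed client-supplied SID: never look it up, start fresh
            $requiresNewSession = true;
        } else {
            // Expire sessions older than the configured duration
            $now = time();
            $date = $this->storage->getDate($sid);
            if ($date !== null && $date < $now - $this->duration) {
                $this->storage->delete($sid);
                $requiresNewSession = true;
            }

            // A session presented through the guest cookie must not keep a logged-in GID
            if ($guest) {
                $data = $this->storage->fetch($sid);
                if ($data !== null && isset($data['GID'])) {
                    unset($data['GID']);
                    $this->storage->store($sid, $data, true);
                }
            }
        }
    }

    if ($requiresNewSession) {
        $sid = $this->createSID();

        // Check for a SID collision before the cookie is sent, so a conflicting SID never
        // reaches the client
        if ($this->storage->exists($sid)) {
            throw new SIDConflictException("Session conflict for SID {$sid}");
        }
        $this->storage->delete($sid);

        $cookie = new Cookie($this->cookieName, 0, $this->cookiePath, $this->cookieDomain, $this->cookieSecure, true);
        $cookie->setData($sid);
        $this->guestCookieTransceiver->send($cookie);
    }

    // Store ID and mark the session as started
    $this->sid = $sid;
    $this->sessionStarted = true;

    // Run the garbage collector with the configured probability. A single random draw is
    // used for the decision (the previous version drew twice and discarded the first value).
    $dice = Math::getRandomFloat(0.0, 1.0);
    if ($dice <= $this->garbageCollectorProbability) {
        $this->storage->deleteOld($this->duration);
    }
}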
/**
 * Tests deleting a cookie.
 *
 * A cookie is sent and read back twice to confirm it persists, then a cookie with the
 * same name and a negative expiry is sent and the name must no longer be receivable.
 */
public function testDelete()
{
    $name = 'deleteCookie';

    $sent = new Cookie($name);
    $sent->setData('hello');
    $this->remoteCall('send', $sent);

    // Reading twice: the cookie must survive a receive
    $this->assertEquals($sent, $this->remoteCall('receive', $sent->getName()));
    $this->assertEquals($sent, $this->remoteCall('receive', $sent->getName()));

    // Negative expiry deletes the cookie on the client
    $deletion = new Cookie($name, -1);
    $this->remoteCall('send', $deletion);
    $this->assertNull($this->remoteCall('receive', $sent->getName()));
}
/**
 * Tests authentication failure due to a malformed GID inside the cookie.
 *
 * A valid login is performed first, then a cookie carrying a malformed GID and token is
 * planted through the same transceiver; authentication must then yield null.
 *
 * @covers empire\framework\login\DefaultPersistentLoginMethod::authenticate
 */
public function testAuthenticateCookieGidFail()
{
    $gid = '58d93d649ffffffff5331ad0219ea200';
    $storagePath = __DIR__ . DIRECTORY_SEPARATOR . 'login.json';
    $storage = new JsonLoginStorage($storagePath, new Md5HashFunction(), 100, 'mykey');

    $transceiver = new DefaultCookieTransceiver();
    $method = new DefaultPersistentLoginMethod($storage, $transceiver);
    $method->setCookieName('login');

    // Cookie whose GID and token are not well-formed
    $malformedCookie = new Cookie('login');
    $malformedCookie->setData(['gid' => 'not a valid gid', 'token' => 'not a valid token']);

    $this->remoteCall('login', $method, $gid);
    $this->remoteCall('sendCookie', null, [$transceiver, $malformedCookie]);

    $this->assertNull($this->remoteCall('authenticate', $method));
}
/**
 * Sends a cookie to the client.
 *
 * The cookie attributes and payload are bundled into an array, passed through
 * prepareSending(), then PHP-serialized and base64-encoded into the cookie value.
 *
 * NOTE(review): the cookie value is produced with serialize(); the matching receive()
 * presumably unserialize()s it. Unserializing client-controlled bytes is only acceptable
 * when the value is integrity-protected first — confirm that the receiving side verifies
 * the value before unserializing, or switches to a data-only format.
 *
 * @param Cookie $cookie the cookie to send
 * @return boolean whether the cookie could be sent
 */
public function send(Cookie $cookie)
{
    $envelope = [
        'expires'     => $cookie->getExpires(),
        'path'        => $cookie->getPath(),
        'domain'      => $cookie->getDomain(),
        'secure'      => $cookie->getSecure(),
        'httpOnly'    => $cookie->getHTTPOnly(),
        'payload'     => $cookie->getData(),
        'transceiver' => get_called_class(),
    ];
    $this->prepareSending($envelope);

    $value = base64_encode(serialize($envelope));

    return setcookie(
        $cookie->getName(),
        $value,
        $cookie->getExpires(),
        $cookie->getPath(),
        $cookie->getDomain(),
        $cookie->getSecure(),
        $cookie->getHTTPOnly()
    );
}
/**
 * Tests authentication failure due to a malformed GID inside the cookie.
 *
 * A valid login is performed first, then a cookie carrying a malformed GID and token is
 * planted through the same secure transceiver; authentication must then yield null.
 *
 * @covers empire\framework\login\SecurePersistentLoginMethod::authenticate
 */
public function testAuthenticateCookieGidFail()
{
    $gid = '58d93d649ffffffff5331ad0219ea200';
    $storagePath = __DIR__ . DIRECTORY_SEPARATOR . 'login.json';
    $storage = new JsonLoginStorage($storagePath, new Md5HashFunction(), 100, 'mykey');

    $factory = self::$cryptoFactory;
    $transceiver = new SecureCookieTransceiver(
        $factory->getHashFunction('Sha256'),
        $factory->getHashFunction('Sha256'),
        $factory->getSymmetricCypher('Aes256'),
        'secret key',
        new GID(),
        'session id',
        $gid
    );
    $method = new SecurePersistentLoginMethod($storage, $transceiver);
    $method->setCookieName('login');

    // Cookie whose GID and token are not well-formed
    $malformedCookie = new Cookie('login');
    $malformedCookie->setData(['gid' => 'not a valid gid', 'token' => 'not a valid token']);

    $this->remoteCall('login', $method, $gid);
    $this->remoteCall('sendCookie', null, [$transceiver, $malformedCookie]);

    $this->assertNull($this->remoteCall('authenticate', $method));
}