/**
 * Spec: logging out nulls the "_security_shop" session entry, saves the
 * session, and passes the session name/id pair to the cookie setter.
 */
function it_logs_user_out(SessionInterface $session, CookieSetterInterface $cookieSetter)
{
    // Stubbed session identity; the cookie setter must receive exactly this pair.
    $session->getName()->willReturn('MOCKEDSID');
    $session->getId()->willReturn('xyzc123');

    // The stored security token is overwritten with null and the change is persisted.
    $session->set('_security_shop', null)->shouldBeCalled();
    $session->save()->shouldBeCalled();

    $cookieSetter->setCookie('MOCKEDSID', 'xyzc123')->shouldBeCalled();

    $this->logOut();
}
Exemple #2
 /**
  * Builds a UsernamePasswordToken for $user, stores it serialized in the
  * session under $this->sessionTokenVariable, saves the session and hands the
  * session name/id to the cookie setter.
  *
  * NOTE(review): the token is created with $user->getPassword() as its
  * credentials and is serialized into session storage as-is. This looks like
  * a test-only login shortcut; confirm it is not reachable from production
  * code paths.
  *
  * @param UserInterface $user
  */
 private function logInUser(UserInterface $user)
 {
     $authToken = new UsernamePasswordToken(
         $user,
         $user->getPassword(),
         'randomstringbutnotnull',
         $user->getRoles()
     );

     $this->session->set($this->sessionTokenVariable, serialize($authToken));
     $this->session->save();

     // The cookie must carry the id of the session that was just saved.
     $cookieName = $this->session->getName();
     $cookieValue = $this->session->getId();
     $this->cookieSetter->setCookie($cookieName, $cookieValue);
 }
 /**
  * The session reports its initial name, and after setName() followed by
  * start() it reports the newly assigned name.
  */
 public function testSetName()
 {
     $session = $this->session;
     $renamed = 'session.test.com';

     $this->assertEquals('MOCKSESSID', $session->getName());

     $session->setName($renamed);
     $session->start();

     $this->assertEquals($renamed, $session->getName());
 }
Exemple #4
 /**
  * Creates the session cookie from the current session name/id and the
  * cookie_* options.
  *
  * A cookie_lifetime of 0 is passed through unchanged; any other value is
  * added to the current Unix time to obtain an absolute expiry. An empty
  * cookie_domain is normalised to null.
  *
  * NOTE(review): the last two constructor arguments come straight from the
  * cookie_secure and cookie_httponly options; confirm both are enabled in
  * deployed configuration, since this cookie carries the session id.
  *
  * @return Cookie
  */
 protected function generateCookie()
 {
     $configuredLifetime = $this->options->getInt('cookie_lifetime');
     $expiresAt = $configuredLifetime !== 0
         ? $configuredLifetime + time()
         : $configuredLifetime;

     return new Cookie(
         $this->session->getName(),
         $this->session->getId(),
         $expiresAt,
         $this->options['cookie_path'],
         $this->options['cookie_domain'] ?: null,
         $this->options->getBoolean('cookie_secure'),
         $this->options->getBoolean('cookie_httponly')
     );
 }
Exemple #5
 /**
  * Attach the session cookie (session name => session id) to the response.
  *
  * All cookie attributes are hard-coded for now: expiry 120 minutes from now,
  * path "/", no domain, and the $secure argument set to false.
  *
  * NOTE(review): with $secure fixed to false the session id cookie is not
  * restricted to HTTPS. When the TODO below is resolved, the secure flag
  * should come from configuration and be enabled on TLS deployments.
  *
  * @param \Symfony\Component\HttpFoundation\Response $response
  * @return void
  */
 protected function writeSessionTo(Response $response)
 {
     // TODO: Take these values from config
     $expiresAt = Carbon::now()->addMinutes(120);

     $sessionCookie = new Cookie(
         $this->session->getName(),
         $this->session->getId(),
         $expiresAt,
         '/',   // path
         null,  // domain
         false  // secure
     );

     $response->headers->setCookie($sessionCookie);
 }
 /**
  * Pushes the resolved "session" options, with a siteaccess-specific session
  * name, into the native session storage.
  *
  * Does nothing unless this is the master request, a session is set and not
  * yet started, and the storage is a NativeSessionStorage.
  *
  * @param PostSiteAccessMatchEvent $event
  */
 public function onSiteAccessMatch(PostSiteAccessMatchEvent $event)
 {
     if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
         return;
     }
     // Options can only be changed before the session has been started.
     if (!isset($this->session) || $this->session->isStarted()) {
         return;
     }
     if (!($this->sessionStorage instanceof NativeSessionStorage)) {
         return;
     }

     $options = (array) $this->configResolver->getParameter('session');

     // Prefer the configured name; otherwise fall back to the session's current name.
     if (isset($options['name'])) {
         $baseName = $options['name'];
     } else {
         $baseName = $this->session->getName();
     }

     $options['name'] = $this->getSessionName($baseName, $event->getSiteAccess());
     $this->sessionStorage->setOptions($options);
 }
Exemple #7
 /**
  * {@inheritdoc}
  *
  * Looks the user up by username (the value of $email), stores a serialized
  * UsernamePasswordToken under "_security_user", saves the session and sets
  * the session name/id as a cookie on the Mink session.
  *
  * NOTE(review): this authenticates without checking any credential and puts
  * $user->getPassword() into the serialized token; it appears to be a test
  * helper, so confirm it is only loaded in test environments.
  *
  * @throws \InvalidArgumentException when no user matches $email
  */
 public function logIn($email, $providerKey, Session $minkSession)
 {
     $criteria = ['username' => $email];
     $user = $this->userRepository->findOneBy($criteria);

     if (null === $user) {
         $message = sprintf('There is no user with email %s', $email);
         throw new \InvalidArgumentException($message);
     }

     $authToken = new UsernamePasswordToken(
         $user,
         $user->getPassword(),
         $providerKey,
         $user->getRoles()
     );

     $this->session->set('_security_user', serialize($authToken));
     $this->session->save();

     $minkSession->setCookie($this->session->getName(), $this->session->getId());
 }
 /**
  * Describes the current session as an array.
  *
  * When the session is not started the result is only ['isStarted' => false].
  * Otherwise it also contains the session name, the session identifier, a
  * CSRF token value and the URL of the "ezpublish_rest_deleteSession" route
  * for this session id.
  *
  * NOTE(review): the returned array contains the raw session identifier and a
  * CSRF token. If the consumer renders this into a page or exposes it to
  * scripts, the identifier becomes readable there regardless of the cookie's
  * HttpOnly attribute; verify where this config ends up.
  *
  * @return array
  */
 public function getConfig()
 {
     if (!$this->session->isStarted()) {
         return ['isStarted' => false];
     }

     return [
         'isStarted' => true,
         'name' => $this->session->getName(),
         'identifier' => $this->session->getId(),
         'csrfToken' => $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue(),
         'href' => $this->generateUrl(
             'ezpublish_rest_deleteSession',
             ['sessionId' => $this->session->getId()]
         ),
     ];
 }
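 /**
  * Starts the session from an id supplied in the request body.
  *
  * Only acts on the master request, when a session object exists, the session
  * is not started, the request carries no previous session, and the body has
  * a field named after the session.
  *
  * Security: the id adopted here is chosen by the client. That is the
  * precondition for session fixation, so callers should make sure the session
  * id is regenerated at authentication and that this listener is enabled only
  * for the flows that need it.
  *
  * @param PostSiteAccessMatchEvent $event
  */
 public function onSiteAccessMatch(PostSiteAccessMatchEvent $event)
 {
     if (!$this->session || $event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
         return;
     }

     $sessionName = $this->session->getName();
     $request = $event->getRequest();

     if ($this->session->isStarted() || $request->hasPreviousSession() || !$request->request->has($sessionName)) {
         return;
     }

     // A body field can arrive as an array (e.g. "name[]=...") or be empty;
     // neither is a usable session id, so ignore it instead of passing it on.
     $postedId = $request->request->get($sessionName);
     if (!is_string($postedId) || $postedId === '') {
         return;
     }

     $this->session->setId($postedId);
     $this->session->start();
 }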
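 /**
  * Restores the session id from an encrypted "sessionId" field in the request
  * body of the master request.
  *
  * On success a placeholder cookie named after the session is set on the
  * request and the decrypted value becomes the session id.
  *
  * Security: the field is client-controlled. The value is only used after
  * decryption yields a non-empty string.
  * NOTE(review): this guard cannot detect tampering on its own; confirm that
  * $this->encryption->decrypt() authenticates the ciphertext (rejects modified
  * input) rather than returning arbitrary bytes.
  *
  * @param GetResponseEvent $event
  */
 public function onKernelRequest(GetResponseEvent $event)
 {
     if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
         return;
     }

     $request = $event->getRequest();
     if (!$request->request->has('sessionId')) {
         return;
     }

     // Array-valued or empty fields cannot be a ciphertext; skip them.
     $encrypted = $request->request->get('sessionId');
     if (!is_string($encrypted) || $encrypted === '') {
         return;
     }

     // Do not touch the request cookies or the session unless decryption
     // produced something usable as an id.
     $sessionId = $this->encryption->decrypt($encrypted);
     if (!is_string($sessionId) || $sessionId === '') {
         return;
     }

     $request->cookies->set($this->session->getName(), 1);
     $this->session->setId($sessionId);
 }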
 /**
  * Stores the serialized token in the session under
  * $this->sessionTokenVariable, saves the session and passes the session
  * name/id to the cookie setter.
  *
  * @param TokenInterface $token
  */
 private function setToken(TokenInterface $token)
 {
     $this->session->set($this->sessionTokenVariable, serialize($token));
     $this->session->save();

     // Read name and id only after save() so the cookie matches the stored session.
     $cookieName = $this->session->getName();
     $cookieValue = $this->session->getId();
     $this->cookieSetter->setCookie($cookieName, $cookieValue);
 }
Exemple #12
 /**
  * Adds the session settings to the parameters that will be injected
  * into the legacy kernel.
  *
  * The "session" parameter describes the current session (all values false
  * when no session is set). The five site.ini/Session/Cookie* settings are
  * injected as false; settings already present under "injected-settings" are
  * kept for any other key.
  *
  * @param \eZ\Publish\Core\MVC\Legacy\Event\PreBuildKernelEvent $event
  */
 public function onBuildKernelHandler(PreBuildKernelEvent $event)
 {
     $sessionInfos = array(
         'configured' => false,
         'started' => false,
         'name' => false,
         'namespace' => false,
         'has_previous' => false,
         'storage' => false,
     );

     if (isset($this->session)) {
         // array_replace() keeps the key order of the defaults above.
         $sessionInfos = array_replace($sessionInfos, array(
             'configured' => true,
             'name' => $this->session->getName(),
             'started' => $this->session->isStarted(),
             'namespace' => $this->sessionStorageKey,
             'has_previous' => isset($this->request) ? $this->request->hasPreviousSession() : false,
             'storage' => $this->sessionStorage,
         ));
     }

     $parameters = $event->getParameters();
     $parameters->set('session', $sessionInfos);

     // Deactivate session cookie settings in legacy kernel.
     // This will force using settings defined in Symfony.
     $disabledCookieSettings = array(
         'site.ini/Session/CookieTimeout' => false,
         'site.ini/Session/CookiePath' => false,
         'site.ini/Session/CookieDomain' => false,
         'site.ini/Session/CookieSecure' => false,
         'site.ini/Session/CookieHttponly' => false,
     );

     // Array union: the values above win over any previously injected ones.
     $alreadyInjected = (array) $parameters->get("injected-settings");
     $parameters->set("injected-settings", $disabledCookieSettings + $alreadyInjected);
 }
 /**
  * Builds the session cookie for the current session name/id.
  *
  * Cookie parameters are PHP's native session cookie params overridden by
  * $this->cookies. A lifetime of integer 0 is passed through unchanged; any
  * other lifetime is added to the request's REQUEST_TIME to obtain the expiry.
  *
  * NOTE(review): the lifetime check is a strict comparison against integer 0,
  * so a string "0" coming from $this->cookies would be treated as a non-zero
  * lifetime; confirm the configured value is always an int.
  * NOTE(review): "secure" and "httponly" fall back to the values reported by
  * session_get_cookie_params() unless $this->cookies overrides them; verify
  * both are enabled where this cookie is issued.
  *
  * @param Request $request
  * @return Cookie
  */
 protected function makeCookie(Request $request)
 {
     // Custom settings take precedence over the native PHP session cookie params.
     $cookieParams = array_replace(session_get_cookie_params(), $this->cookies);

     $expires = $cookieParams['lifetime'];
     if ($expires !== 0) {
         // Non-zero lifetime: convert it to an absolute expiry based on the request time.
         $expires = $request->server->get('REQUEST_TIME') + $expires;
     }

     return new Cookie(
         $this->session->getName(),
         $this->session->getId(),
         $expires,
         $cookieParams['path'],
         $cookieParams['domain'],
         $cookieParams['secure'],
         $cookieParams['httponly']
     );
 }
 /**
  * Spec: logging in looks the user up by username, writes something under
  * "_security_context_name" in the session, saves the session, and passes
  * the session name/id pair to the cookie setter.
  */
 function it_logs_user_in(UserRepositoryInterface $userRepository, SessionInterface $session, CookieSetterInterface $cookieSetter, UserInterface $user)
 {
     // Stubbed user returned by the repository lookup.
     $user->getRoles()->willReturn(['ROLE_USER']);
     $user->getPassword()->willReturn('xyz');
     $user->serialize()->willReturn('serialized_user');
     $userRepository->findOneBy(['username' => '*****@*****.**'])->willReturn($user);

     // Stubbed session identity; the cookie setter must receive exactly this pair.
     $session->getName()->willReturn('MOCKEDSID');
     $session->getId()->willReturn('xyzc123');

     // The stored value is not inspected here, only that the key is written and persisted.
     $session->set('_security_context_name', Argument::any())->shouldBeCalled();
     $session->save()->shouldBeCalled();

     $cookieSetter->setCookie('MOCKEDSID', 'xyzc123')->shouldBeCalled();

     $this->logIn('*****@*****.**');
 }
Exemple #15
 /**
  * Logs $user in by writing a serialized UsernamePasswordToken (null
  * credentials) into the session under "_security_<firewall>" and placing the
  * session cookie in the BrowserKit client's cookie jar.
  *
  * NOTE(review): no credential is checked here; this appears to be a test
  * shortcut and should only be available in test environments.
  *
  * @param BaseUser $user
  * @param SessionInterface $session
  * @param $firewall name appended to "_security_" and passed to the token
  * @throws UnsupportedDriverActionException when the driver is not a BrowserKitDriver
  */
 public function login(BaseUser $user, SessionInterface $session, $firewall)
 {
     $driver = $this->getDriver();
     if (!($driver instanceof BrowserKitDriver)) {
         //Fall back to manual login if BrowserKitDriver is not used
         throw new UnsupportedDriverActionException("Not supported by the current driver", $driver);
     }

     $client = $driver->getClient();

     // Placeholder cookie under PHP's current session name.
     $placeholder = new Cookie(session_name(), true);
     $client->getCookieJar()->set($placeholder);

     $authToken = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
     $sessionKey = '_security_' . $firewall;
     $session->set($sessionKey, serialize($authToken));
     $session->save();

     // Cookie pointing the client at the session that now holds the token.
     $sessionCookie = new Cookie($session->getName(), $session->getId());
     $client->getCookieJar()->set($sessionCookie);
 }
Exemple #16
 /**
  * Whether the request contains a Session which was started in one of the
  * previous requests.
  *
  * True only when a session is attached to the request and the request
  * cookies contain an entry named after that session.
  *
  * @return bool
  *
  * @api
  */
 public function hasPreviousSession()
 {
     // A cookie with the right name is client-controlled, so it only counts
     // when a session object is actually attached to this request.
     if (!$this->hasSession()) {
         return false;
     }

     return (bool) $this->cookies->has($this->session->getName());
 }
Exemple #17
 /**
  * Get the session name, as reported by the underlying storage.
  *
  * @return string
  * @since 1.9
  */
 public function getName()
 {
     $sessionName = $this->storage->getName();

     return $sessionName;
 }
Exemple #18
 /**
  * Puts a previously serialized token back via setSerializedToken() and
  * passes the current session name/id to the cookie setter.
  *
  * @param string $token serialized token, forwarded unchanged
  */
 private function restorePreviousSessionToken($token)
 {
     $this->setSerializedToken($token);

     $cookieName = $this->session->getName();
     $cookieValue = $this->session->getId();
     $this->cookieSetter->setCookie($cookieName, $cookieValue);
 }
Exemple #19
 /**
  * Returns the result of adding a session cookie (session name => session id)
  * with path "/" and HttpOnly enabled to $response.
  *
  * NOTE(review): only Path and HttpOnly are set here. No Secure or SameSite
  * attribute is applied in this method; confirm whether they are added
  * elsewhere, since this cookie carries the session id.
  *
  * @param Response $response
  * @param SessionInterface $session
  */
 private function withSessionCookie(Response $response, SessionInterface $session)
 {
     $sessionCookie = SetCookie::create($session->getName(), $session->getId())
         ->withPath('/')
         ->withHttpOnly(true);

     return FigResponseCookies::set($response, $sessionCookie);
 }