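/**
 * Records a login for the given user and issues a fresh auth token.
 *
 * In order: writes a login-log row, drops the locally cached session, asks
 * the DAO to expire the user's old tokens (best effort), builds and persists
 * a new token, optionally sets it as a cookie, and evicts any cache entry
 * stored under the new token.
 *
 * @param Users $vo_User                   User that is being logged in.
 * @param bool  $b_ReturnAuthTokenAsString When true, the new token is returned.
 *
 * @return string|null The new token when requested, otherwise nothing.
 *
 * @throws InvalidDatabaseOperationException When the new token cannot be saved.
 */
private function RegisterSession(Users $vo_User, $b_ReturnAuthTokenAsString = false)
{
    $userId = $vo_User->getUserId();

    // Log the login.
    // NOTE(review): ip2long() returns false for anything that is not a
    // dotted-quad IPv4 address (IPv6 included), so such logins are stored
    // without a usable source address. Confirm that is acceptable for audit.
    UserLoginLogDAO::save(new UserLoginLog(array(
        'user_id' => $vo_User->user_id,
        'ip' => ip2long($_SERVER['REMOTE_ADDR']),
    )));

    // Expire the local session cache.
    self::$current_session = null;

    // Erase expired tokens. Best effort: a failure here must not block login.
    try {
        AuthTokensDAO::expireAuthTokens($userId);
    } catch (Exception $e) {
        // The call has to sit inside the braces; "{$e->getMessage}()" read an
        // undefined property and logged a literal "()" instead of the message.
        self::$log->error("Failed to delete expired tokens: {$e->getMessage()}");
    }

    // Create the new token: <random hex>-<user id>-<salted SHA-256 of both>.
    // NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed
    // in 7.2; random_bytes() is the replacement once the runtime is PHP 7+.
    $entropy = bin2hex(mcrypt_create_iv(SessionController::AUTH_TOKEN_ENTROPY_SIZE, MCRYPT_DEV_URANDOM));
    // NOTE(review): this is a secret-prefix hash rather than an HMAC. Changing
    // it to hash_hmac() would also require changing whatever verifies tokens,
    // which is not visible here; that check should compare with hash_equals().
    $s_AuthT = $entropy . '-' . $userId . '-' . hash('sha256', OMEGAUP_MD5_SALT . $userId . $entropy);

    $vo_AuthT = new AuthTokens();
    $vo_AuthT->setUserId($userId);
    $vo_AuthT->setToken($s_AuthT);

    try {
        AuthTokensDAO::save($vo_AuthT);
    } catch (Exception $e) {
        throw new InvalidDatabaseOperationException($e);
    }

    if (self::$setCookieOnRegisterSession) {
        // NOTE(review): the token is a bearer credential. Confirm that the
        // session manager's setCookie() marks it HttpOnly and Secure; only the
        // name, value, 0 and path '/' are passed from here.
        $sm = $this->getSessionManagerInstance();
        $sm->setCookie(OMEGAUP_AUTH_TOKEN_COOKIE_NAME, $s_AuthT, 0, '/');
    }

    // Evict any cached session stored under this token.
    Cache::deleteFromCache(Cache::SESSION_PREFIX, $s_AuthT);

    if ($b_ReturnAuthTokenAsString) {
        return $s_AuthT;
    }
}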
/**
 * A token whose creation time has been moved nine hours into the past
 * must no longer be retrievable after the same user logs in again.
 */
public function testDeleteTokenExpired()
{
    // Arrange: a fresh user with one live token.
    $user = UserFactory::createUser();
    $staleToken = self::login($user);

    // Age the stored token by rewriting its creation time.
    // (presumably nine hours is past the expiry window; the threshold is not visible here)
    $tokenRecord = AuthTokensDAO::getByPK($staleToken);
    $agedTimestamp = strtotime($tokenRecord->getCreateTime() . ' - 9 hour');
    $tokenRecord->setCreateTime(date('Y-m-d H:i:s', $agedTimestamp));
    AuthTokensDAO::save($tokenRecord);

    // Act: a second login is expected to purge the aged token.
    self::login($user);

    // Assert: looking the old token up by primary key finds nothing.
    $this->assertNull(AuthTokensDAO::getByPK($staleToken));
}