public function testDoesNotLogUserOutIfUserIdAndSessionTokenMismatch() { $userId = 123; $sessionToken = 'token'; $userSession = new WebServiceUserSession(999); $this->userSessionRepository->expects($this->once())->method('LoadBySessionToken')->with($this->equalTo($sessionToken))->will($this->returnValue($userSession)); $this->webAuth->Logout($userId, $sessionToken); $this->assertFalse($this->fakeAuth->_LogoutCalled); }
public function testHandlesWhenUserIsNotAdmin() { $this->session->IsAdmin = false; $this->server->expects($this->at(0))->method('GetHeader')->with($this->equalTo(WebServiceHeaders::SESSION_TOKEN))->will($this->returnValue($this->sessionToken)); $this->server->expects($this->at(1))->method('GetHeader')->with($this->equalTo(WebServiceHeaders::USER_ID))->will($this->returnValue($this->userId)); $this->userSessionRepository->expects($this->once())->method('LoadBySessionToken')->with($this->equalTo($this->sessionToken))->will($this->returnValue($this->session)); $wasHandled = $this->security->HandleSecureRequest($this->server, true); $this->assertFalse($wasHandled); $this->assertFalse($this->session->_SessionExtended); }