Esempio n. 1
 /**
  * Exercises session id handling on both sides of Zend_Session::start().
  *
  * If no session is running yet, an id set through setId() must be reported
  * unchanged by getId(), and isRegenerated() must still be false after
  * regenerateId() until start() has been called. If another test already
  * started the session, the id is regenerated on the running session instead.
  * Either way isRegenerated() must be true afterwards, and a later setId()
  * must be rejected with a Zend_Session_Exception whose message matches
  * "already ... started", i.e. the id cannot be replaced once the session runs.
  *
  * @return void
  */
 public function testRegenerateId()
 {
     if (Zend_Session::isStarted()) {
         // Another test already started the session. With
         // Zend_Session::$_unitTestEnabled turned on, the native PHP session may
         // not actually be running, so start it when SID is not defined.
         if (!defined('SID')) {
             session_start();
         }
         // only regenerate session id if session has already been started
         Zend_Session::regenerateId();
     } else {
         // Fresh state: choose the id, ask for regeneration, then start.
         Zend_Session::setId('myid123');
         Zend_Session::regenerateId();
         $regeneratedBeforeStart = Zend_Session::isRegenerated();
         $this->assertFalse($regeneratedBeforeStart);

         $reportedId = Zend_Session::getId();
         $idIsUnchanged = 'myid123' === $reportedId;
         $this->assertTrue($idIsUnchanged, 'getId() reported something different than set via setId("myid123")');

         Zend_Session::start();
     }

     $regeneratedAfterStart = Zend_Session::isRegenerated();
     $this->assertTrue($regeneratedAfterStart);

     // Overwriting the id of a started session has to fail.
     try {
         Zend_Session::setId('someo-therid-123');
         $this->fail('No exception was returned when trying to set the session id, after session_start()');
     } catch (Zend_Session_Exception $sessionException) {
         $message = $sessionException->getMessage();
         $this->assertRegexp('/already.*started/i', $message);
     }
 }
Esempio n. 2
 /**
  * Exercises session id handling on both sides of Zend_Session::start().
  *
  * Before start(): an id set through setId() must be reported unchanged by
  * getId(), and isRegenerated() must still be false after regenerateId().
  * After start(): isRegenerated() must be true, and setId() must be rejected
  * with a Zend_Session_Exception whose message matches "already ... started",
  * i.e. the id cannot be replaced once the session runs.
  *
  * NOTE(review): unlike a variant that checks isStarted() first, this version
  * assumes no earlier test has started the session.
  *
  * @return void
  */
 public function testRegenerateId()
 {
     // Phase 1: nothing started yet.
     Zend_Session::setId('myid123');
     Zend_Session::regenerateId();
     $regeneratedBeforeStart = Zend_Session::isRegenerated();
     $this->assertFalse($regeneratedBeforeStart);

     $reportedId = Zend_Session::getId();
     $idIsUnchanged = 'myid123' === $reportedId;
     $this->assertTrue($idIsUnchanged, 'getId() reported something different than set via setId("myid123")');

     // Phase 2: session running.
     Zend_Session::start();
     $regeneratedAfterStart = Zend_Session::isRegenerated();
     $this->assertTrue($regeneratedAfterStart);

     // Re-submitting even the previously reported id has to fail now.
     try {
         Zend_Session::setId($reportedId);
         $this->fail('No exception was returned when trying to set the session id, after session_start()');
     } catch (Zend_Session_Exception $sessionException) {
         $message = $sessionException->getMessage();
         $this->assertRegexp('/already.*started/i', $message);
     }
 }
Esempio n. 3
 /**
  * Check whether the session ID has been regenerated.
  *
  * Static pass-through: the answer comes from the parent class implementation
  * and is handed back untouched.
  *
  * @static
  * @access public
  * @return mixed whatever parent::isRegenerated() returns (presumably bool; confirm against the parent class)
  */
 public static function isRegenerated()
 {
     $regenerated = parent::isRegenerated();

     return $regenerated;
 }
Esempio n. 4
 /**
  * Exercises session id handling on both sides of Zend_Session::start().
  *
  * If no session is running yet, an id set through setId() must be reported
  * unchanged by getId(), and isRegenerated() must still be false after
  * regenerateId() until start() has been called. If another test already
  * started the session, only regenerateId() is called. Either way
  * isRegenerated() must be true afterwards, and a later setId() must be
  * rejected with a Zend_Session_Exception whose message matches
  * "already ... started", i.e. the id cannot be replaced once the session runs.
  *
  * @return void
  */
 public function testRegenerateId()
 {
     if (Zend_Session::isStarted()) {
         // only regenerate session id if session has already been started
         Zend_Session::regenerateId();
     } else {
         // Fresh state: choose the id, ask for regeneration, then start.
         Zend_Session::setId('myid123');
         Zend_Session::regenerateId();
         $regeneratedBeforeStart = Zend_Session::isRegenerated();
         $this->assertFalse($regeneratedBeforeStart);

         $reportedId = Zend_Session::getId();
         $idIsUnchanged = 'myid123' === $reportedId;
         $this->assertTrue($idIsUnchanged, 'getId() reported something different than set via setId("myid123")');

         Zend_Session::start();
     }

     $regeneratedAfterStart = Zend_Session::isRegenerated();
     $this->assertTrue($regeneratedAfterStart);

     // Overwriting the id of a started session has to fail.
     try {
         Zend_Session::setId('someo_therid_123');
         $this->fail('No exception was returned when trying to set the session id, after session_start()');
     } catch (Zend_Session_Exception $sessionException) {
         $message = $sessionException->getMessage();
         $this->assertRegexp('/already.*started/i', $message);
     }
 }
 /**
  * Dispatch-loop startup hook: expires or renews the stored session that
  * belongs to the authenticated identity.
  *
  * Checks, in order:
  *  1. no identity, or an identity whose authType is on the exempt list: do nothing;
  *  2. no stored record (with an 'id') for the current session id: do nothing;
  *  3. record older than the cookie lifetime (per org type, else the default):
  *     force a logout with AUTH_SESSION_EXPIRED;
  *  4. action listed in self::$avoidActions, X-M2mNoRenewSession header present,
  *     or session id already regenerated: do not renew;
  *  5. renew once the age reaches (1 - self::$tolerance) of the lifetime, or
  *     earlier when self::$useProbability is on and rand(0, self::$probability)
  *     returns 0.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
 {
     if (!Zend_Auth::getInstance()->hasIdentity()) {
         return;
     }
     $ident = \Zend_Auth::getInstance()->getIdentity();

     if (isset($ident['authType'])) {
         // Identities of these auth types are neither expired nor renewed here.
         // NOTE(review): confirm their lifetime is bounded elsewhere. in_array()
         // runs without its strict flag, so authType is compared loosely; check
         // the stored and constant types before tightening it.
         $exemptAuthTypes = array(
             App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC,
             App_Controller_Plugin_Auth::AUTH_TYPE_ACTIVATION_TOKEN,
             App_Controller_Plugin_Auth::AUTH_TYPE_DOWNLOAD_TOKEN,
             App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL,
             App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY,
             App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD,
             App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD_TOKEN,
             App_Controller_Plugin_Auth::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN,
         );
         if (in_array($ident['authType'], $exemptAuthTypes)) {
             return;
         }
     }

     $sessionMapper = SessionMapper::getInstance();
     $session = $sessionMapper->findOneById(\Zend_Session::getId());
     if (!($session && isset($session['id']))) {
         return;
     }

     // Lifetime depends on the owning user's organisation type when one is
     // configured; otherwise the default applies.
     $cookieLifeTime = self::$defaultCookieLifeTime;
     $user = UserMapper::getInstance()->findOneById($session['id']);
     if ($user && isset(self::$cookieLifeTimeByOrgType[$user->getOrgType()])) {
         $cookieLifeTime = self::$cookieLifeTimeByOrgType[$user->getOrgType()];
     }

     /*
      * Old sessions use string for created/expire field. New session use a MongoDate.
      */
     // NOTE(review): 'metadata' / 'created' are read without an isset() check.
     $createdAt = $session['metadata']['created'];
     $createdAt = $createdAt instanceof \MongoDate ? $createdAt->sec : $createdAt;

     // Hard expiry. This runs before any of the "skip renewal" exits below, so
     // none of them can keep an overdue session alive.
     $overdueBy = time() - $createdAt - $cookieLifeTime;
     if ($overdueBy > 0) {
         $this->_forceLogout($request, "Session Expired", PermissionCodes::AUTH_SESSION_EXPIRED);
         return;
     }

     $actionKey = implode('.', array(
         $request->getModuleName(),
         $request->getControllerName(),
         $request->getActionName(),
     ));
     if (App_Util_Array::getItem(self::$avoidActions, $actionKey)) {
         return;
     }

     // Request header supplied by the client: it only suppresses renewal; the
     // expiry check above has already been applied.
     if ($request->getHeader('X-M2mNoRenewSession')) {
         return;
     }

     if (Zend_Session::isRegenerated()) {
         return;
     }

     // Young sessions are left alone, unless probabilistic renewal is enabled
     // and the draw comes up 0. rand() only picks when to renew here; its
     // result is not used as a secret.
     $sessionAge = time() - $createdAt;
     $isYoung = $sessionAge < (1 - self::$tolerance) * $cookieLifeTime;
     if ($isYoung && (!self::$useProbability || rand(0, self::$probability))) {
         return;
     }

     $sessionMapper->renewSession(\Zend_Session::getId());
     // NOTE(review): the original follows this call with a commented-out
     // Zend_Session::regenerateId() and commented-out handling of 'logout' /
     // 'messages' data. As far as this method shows, a renewed session keeps
     // its current id; confirm that is intended.
 }
Esempio n. 6
 /**
  * Called before Zend_Controller_Front exits its dispatch loop.
  *
  * Settles the session according to the identity's authType:
  *  - "vapor" types (lost password, async, external, download token, third
  *    party): the session is destroyed, the X-Csrf-Token response header is
  *    cleared and $_SESSION is emptied;
  *  - "temporal" types (regular, core, activation / lost-password /
  *    password-expired tokens) whose response holds an exception: the identity
  *    is cleared and the session id regenerated unless that already happened;
  *  - "temporal" types that succeeded with a non-empty identity id: the auth
  *    token and user language are sent as response headers and the user's
  *    last login time is saved.
  * Any other authType leaves the session untouched.
  *
  * @return void
  */
 public function dispatchLoopShutdown()
 {
     if (!(Zend_Session::sessionExists() && Zend_Auth::getInstance()->hasIdentity())) {
         return;
     }
     $ident = Zend_Auth::getInstance()->getIdentity();

     // Session management by auth type
     // NOTE(review): $ident['authType'] is read without isset() and compared
     // loosely (in_array() without its strict flag); confirm every identity
     // carries the key and that the types match.
     $temporalTypes = array(
         self::AUTH_TYPE_REGULAR,
         self::AUTH_TYPE_CORE,
         self::AUTH_TYPE_ACTIVATION_TOKEN,
         self::AUTH_TYPE_LOST_PASSWORD_TOKEN,
         self::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN,
     );
     $isTemporalLogin = in_array($ident['authType'], $temporalTypes);
     $vaporTypes = array(
         self::AUTH_TYPE_LOST_PASSWORD,
         self::AUTH_TYPE_ASYNC,
         self::AUTH_TYPE_EXTERNAL,
         self::AUTH_TYPE_DOWNLOAD_TOKEN,
         self::AUTH_TYPE_THIRD_PARTY,
     );
     $isVaporLogin = in_array($ident['authType'], $vaporTypes);

     if ($isVaporLogin) {
         // Vapor login: nothing may outlive the request, so drop the session,
         // the CSRF token header and the in-memory session data.
         Zend_Session::destroy();
         $this->getResponse()->clearHeader('X-Csrf-Token');
         $_SESSION = array();
         return;
     }

     if (!$isTemporalLogin) {
         return;
     }

     if ($this->getResponse()->isException()) {
         // Failed temporal login: drop the identity and move to a fresh
         // session id, unless one was already issued.
         Zend_Auth::getInstance()->clearIdentity();
         if (!Zend_Session::isRegenerated()) {
             Zend_Session::regenerateId();
         }
         return;
     }

     if (empty($ident['id'])) {
         return;
     }

     // Successful temporal login: hand the auth token back to the client.
     // NOTE(review): this path does not call regenerateId() in the code shown;
     // confirm the session id is rotated when the identity is established.
     // $ident['token'] is also read without an isset() check.
     $this->getResponse()->setHeader('X-M2M-AuthToken', $ident['token'], true);

     // Save last user access
     // NOTE(review): the result of load() is used without a null check.
     $user = UserService::getInstance()->load($ident['id']);
     $user->setLastLogin(time());
     $user->save();

     // Add user language (UX requirement)
     $this->getResponse()->setHeader('X-M2M-UserLanguage', $user->getLanguage(), true);
 }