public function testEncryptDecrypt() { $key = 'foobar'; $data = 'very secret'; $iv = Crypt::getiv(); $encrypted = Crypt::encrypt($data, $key, $iv); $this->assertNotEquals($data, $encrypted); $decrypted = Crypt::decrypt($encrypted, $key, $iv); $this->assertEquals($data, $decrypted); }
public function testStorageCookie() { Conf::set('session_storage', '\\photon\\session\\storage\\Cookies'); Conf::set('secret_key', 'dummy'); // used to crypt/sign the cookies $req = \photon\test\HTTP::baseRequest(); $mid = new \photon\session\Middleware(); $this->assertEquals(false, $mid->process_request($req)); $this->assertEquals(false, isset($req->session['foo'])); $req->session['foo'] = 'bar'; $this->assertEquals(true, isset($req->session['foo'])); $this->assertEquals('bar', $req->session['foo']); unset($req->session['foo']); $this->assertEquals(null, $req->session['foo']); $this->assertEquals(false, isset($req->session['foo'])); $req->session['foo'] = 'bar'; unset($req->session['todelete']); $res = new \photon\http\Response('Hello!'); $mid->process_response($req, $res); $this->assertEquals(true, isset($res->headers['Vary'])); $this->assertEquals(true, isset($res->COOKIE['sid'])); $this->assertEquals(true, isset($res->COOKIE['scs-foo'])); $this->assertEquals(true, isset($res->COOKIE['scs-todelete'])); $iv = $res->COOKIE['scsiv']; // Now we generate a new request with an iv to test the retrieval $req = \photon\test\HTTP::baseRequest(); $req->COOKIE['scsiv'] = $iv; $req->COOKIE['scs-foo'] = \photon\crypto\Crypt::encrypt('bar', Conf::f('secret_key'), $iv); $this->assertEquals(false, $mid->process_request($req)); $this->assertEquals('bar', $req->session['foo']); }
/** * Given the response object, save the data. * * Even if your storage is not cookie based, if you are using a * cookie to store the session id, you must imperatively set the * cookie to keep track of the session id. * * @required public function commit($response) */ public function commit($response) { $timeout = time() + 365 * 24 * 3600; if (0 === strlen($this->iv)) { $this->iv = Crypt::getiv(); $response->COOKIE->setCookie('scsiv', $this->iv, $timeout); } foreach ($this->cache as $name => $val) { $val = Crypt::encrypt($val, Conf::f('secret_key'), $this->iv); $response->COOKIE->setCookie('scs-' . $name, $val, $timeout); } foreach ($this->deleted as $name => $val) { $response->COOKIE->delCookie('scs-' . $name); } return $this->getNewKey(json_encode($response->headers)); }