/**
 * A Token built from a Users entity and an Authtoken entity must return,
 * via getUser(), a Users entity carrying the username it was given.
 */
public function testGetUser()
{
    $owner = new Entity\Users(['username' => 'koala']);
    $authRecord = new Entity\Authtoken();

    $subject = new Token($owner, $authRecord);
    $fetched = $subject->getUser();

    // Type checks first, then the value that was passed in at construction.
    $this->assertInstanceOf('Bolt\\AccessControl\\Token\\Token', $subject);
    $this->assertInstanceOf('Bolt\\Storage\\Entity\\Users', $fetched);
    $this->assertSame('koala', $fetched->getUsername());
}
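/**
 * Check the session is still valid for the device on which it was created,
 * i.e. the username, IP address, and (if configured) the browser agent
 * values are all still the same.
 *
 * The auth token is recalculated from the user's name and the stored salt
 * and compared with the token stored on the session's token entity. On a
 * mismatch an ACCESS_CHECK_FAILURE event is dispatched with reason
 * FAILURE_INVALID and the failure is written to the system log.
 *
 * @param Token\Token $sessionAuth
 *
 * @return boolean True when the recalculated token equals the stored one.
 */
protected function checkSessionKeys(Token\Token $sessionAuth)
{
    $userEntity = $sessionAuth->getUser();
    $tokenEntity = $sessionAuth->getToken();

    // The auth token is based on hostname, IP and browser user agent
    $key = $this->getAuthToken($userEntity->getUsername(), $tokenEntity->getSalt());

    // NOTE(review): a constant-time comparison (hash_equals) would be
    // preferable here if the project's minimum PHP version provides it — confirm.
    if ($key === $tokenEntity->getToken()) {
        return true;
    }

    // Audit the failure. The user name for the event is read from the
    // 'authentication' value held in the session, which may be absent.
    $event = new AccessControlEvent($this->requestStack->getCurrentRequest());
    /** @var Token\Token|null $storedAuth */
    $storedAuth = $this->session->get('authentication');
    $userName = $storedAuth ? $storedAuth->getToken()->getUsername() : null;
    $event->setUserName($userName);
    $this->dispatcher->dispatch(AccessControlEvents::ACCESS_CHECK_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));

    // Neither the recalculated nor the stored token is written to the log:
    // both are authentication material, and log readers should not be able
    // to recover session tokens from failure records.
    $this->systemLogger->error("Invalidating session: Recalculated session token doesn't match user provided token", ['event' => 'authentication']);
    $this->systemLogger->info("Automatically logged out user '" . $userEntity->getUsername() . "': Session data didn't match.", ['event' => 'authentication']);

    return false;
}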
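/**
 * Check the session is still valid for the device on which it was created,
 * i.e. the username, IP address, and (if configured) the browser agent
 * values are all still the same.
 *
 * The auth token is recalculated from the user's name and the stored salt
 * and compared with the token stored on the session's token entity. A
 * mismatch is written to the system log.
 *
 * @param Token\Token $sessionAuth
 *
 * @return boolean True when the recalculated token equals the stored one.
 */
protected function checkSessionKeys(Token\Token $sessionAuth)
{
    $userEntity = $sessionAuth->getUser();
    $tokenEntity = $sessionAuth->getToken();

    // The auth token is based on hostname, IP and browser user agent
    $key = $this->getAuthToken($userEntity->getUsername(), $tokenEntity->getSalt());

    // NOTE(review): a constant-time comparison (hash_equals) would be
    // preferable here if the project's minimum PHP version provides it — confirm.
    if ($key === $tokenEntity->getToken()) {
        return true;
    }

    // Neither the recalculated nor the stored token is written to the log:
    // both are authentication material, and log readers should not be able
    // to recover session tokens from failure records.
    $this->systemLogger->error("Invalidating session: Recalculated session token doesn't match user provided token", ['event' => 'authentication']);
    $this->systemLogger->info("Automatically logged out user '" . $userEntity->getUsername() . "': Session data didn't match.", ['event' => 'authentication']);

    return false;
}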