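/**
 * Store the auth token for a user in the database, creating the row if needed.
 *
 * A fresh salt and token are generated on every call, so an existing row for
 * this username / remote IP / user agent is overwritten with new values
 * instead of being reused. No cookie is written in this method.
 *
 * @param Entity\Users $userEntity User the token is issued for.
 *
 * @return Entity\Authtoken The token entity that was saved.
 */
protected function updateAuthToken($userEntity)
{
    $username = $userEntity->getUsername();
    $salt = $this->randomGenerator->generateString(32);

    $tokenEntity = $this->repositoryAuthtoken->getUserToken($username, $this->remoteIP, $this->userAgent);
    if (!$tokenEntity) {
        $tokenEntity = new Entity\Authtoken();
    }

    $token = $this->getAuthToken($username, $salt);

    // Cast so that a non-integer configuration value cannot produce an
    // invalid interval specification.
    $validityPeriod = (int) $this->cookieOptions['lifetime'];
    $validityDate = new \DateTime();
    $validityInterval = new \DateInterval("PT{$validityPeriod}S");

    $tokenEntity->setUsername($username);
    $tokenEntity->setToken($token);
    $tokenEntity->setSalt($salt);
    $tokenEntity->setValidity($validityDate->add($validityInterval));
    $tokenEntity->setIp($this->remoteIP);
    $tokenEntity->setLastseen(new \DateTime());
    $tokenEntity->setUseragent($this->userAgent);

    $this->repositoryAuthtoken->save($tokenEntity);

    // The token value is deliberately kept out of the log line: anyone able to
    // read the system log should not be able to recover an authentication
    // token from it. The username is enough to correlate the event.
    $this->systemLogger->debug("Saving new login token for user ID '{$username}'", ['event' => 'authentication']);

    return $tokenEntity;
}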
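/**
 * Store the auth token for a user in the database, creating the row if needed.
 *
 * When a row already exists for this username, client IP and user agent, its
 * token and salt are kept and only validity, IP, last-seen time and user agent
 * are refreshed. Otherwise a new salt and token are generated. No cookie is
 * written in this method.
 *
 * @param Entity\Users $userEntity User the token is issued for.
 *
 * @return Entity\Authtoken The token entity that was saved.
 */
protected function updateAuthToken($userEntity)
{
    $username = $userEntity->getUsername();
    $cookieLifetime = (int) $this->cookieOptions['lifetime'];

    $tokenEntity = $this->getRepositoryAuthtoken()->getUserToken(
        $username,
        $this->getClientIp(),
        $this->getClientUserAgent()
    );

    if (!$tokenEntity) {
        $salt = $this->randomGenerator->generateString(32);

        $tokenEntity = new Entity\Authtoken();
        $tokenEntity->setUsername($username);
        $tokenEntity->setToken($this->getAuthToken($username, $salt));
        $tokenEntity->setSalt($salt);
    }

    // NOTE(review): an existing token keeps its value while its validity is
    // pushed forward on every call. Whether an absolute lifetime cap or a
    // rotation step exists elsewhere is not visible from this method — confirm.
    $tokenEntity->setValidity(Carbon::create()->addSeconds($cookieLifetime));
    $tokenEntity->setIp($this->getClientIp());
    $tokenEntity->setLastseen(Carbon::now());
    $tokenEntity->setUseragent($this->getClientUserAgent());

    $this->getRepositoryAuthtoken()->save($tokenEntity);

    // The token value is deliberately kept out of the log line: anyone able to
    // read the system log should not be able to recover an authentication
    // token from it. The username is enough to correlate the event.
    $this->systemLogger->debug("Saving new login token for user ID '{$username}'", ['event' => 'authentication']);

    return $tokenEntity;
}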
/**
 * isValidSession() for a session whose auth token is stored in the database
 * (per the test name, without a matching database user).
 *
 * The test is currently skipped: markTestIncomplete() aborts it before any of
 * the setup below runs.
 */
public function testIsValidSessionValidWithDbTokenNoDbUser()
{
    $this->markTestIncomplete('Requires upcoming refactor of Repository DI');

    $app = $this->getApp();
    $this->addDefaultUser($app);

    $login = '******';
    $salt = 'vinagre';
    $clientIp = '8.8.8.8';
    $userAgent = 'Bolt PHPUnit tests';
    $authtokenClass = 'Bolt\\Storage\\Entity\\Authtoken';
    $usersClass = 'Bolt\\Storage\\Entity\\Users';

    // Disabled setup, not wired in yet:
    // $hostName = 'bolt.dev';
    // $cookieOptions = [
    //     'remoteaddr'   => true,
    //     'httphost'     => true,
    //     'browseragent' => false,
    // ];
    // $logger = $this->getMock('\Bolt\Logger\FlashLogger', ['info']);
    // $logger->expects($this->atLeastOnce())
    //     ->method('info')
    //     ->with($this->equalTo('You have been logged out.'));
    // $app['logger.flash'] = $logger;
    // $app->boot();

    $userEntity = new Entity\Users();
    $userEntity->setUsername($login);

    // Token row persisted through the real repository before it is swapped
    // for a mock further down.
    $storedToken = new Entity\Authtoken();
    $storedToken->setUsername($login);
    $storedToken->setToken('gum-leaves');
    $storedToken->setSalt($salt);
    $storedToken->setIp($clientIp);
    $storedToken->setUseragent($userAgent);
    $app['storage']->getRepository($authtokenClass)->save($storedToken);

    $token = new Token($userEntity, $storedToken);

    // Request carrying the same IP and user agent as the stored token.
    $request = Request::createFromGlobals();
    $request->server->set('REMOTE_ADDR', $clientIp);
    $request->server->set('HTTP_USER_AGENT', $userAgent);
    $request->cookies->set($app['token.authentication.name'], $token);
    $app['request_stack']->push($request);

    $app['session']->start();
    $app['session']->set('authentication', $token);

    $accessControl = $this->getAccessControl();
    $this->assertInstanceOf('Bolt\\AccessControl\\AccessChecker', $accessControl);

    // The token lookup is expected exactly once, the user lookup never.
    $authtokenDouble = $this->getMock($authtokenClass, ['getToken']);
    $authtokenDouble->expects($this->once())->method('getToken');
    $app['storage']->setRepository($authtokenClass, $authtokenDouble);

    $usersDouble = $this->getMock($usersClass, ['getUser']);
    $usersDouble->expects($this->never())->method('getUser');
    $app['storage']->setRepository($usersClass, $usersDouble);

    $this->assertFalse($accessControl->isValidSession($token));
}