/**
 * fromString() returns false (not an exception, not a partial object) for a
 * string that is not valid JSON.
 */
public function testFromStringInvalid()
{
    $this->assertFalse(RememberMeToken::fromString('invalid_json'));
}
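/**
 * Authenticates the user from the remember-me cookie, rotating the cookie secret on success.
 *
 * Falls through to the next middleware untouched when a user is already
 * authenticated, when no usable cookie is present, or when the cookie names a
 * login token that is not (or no longer) known. A cookie that names a known
 * login token but fails verification is expired client-side, since it is
 * either stale (already rotated) or forged.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface $response
 * @param callable $next
 * @return ResponseInterface
 */
public function authenticateRememberMe(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
    // Someone is already logged in; nothing to do.
    if ($this->user !== null) {
        return $next($request, $response);
    }

    // The cookie is client-controlled: it may be absent, or arrive as a
    // non-string (e.g. "name[]=..." parses to an array). Neither case should
    // reach base64_decode() and fail with a TypeError; just move on.
    $cookies = $request->getCookieParams();
    $rawCookie = $cookies[$this->rememberMeName] ?? null;
    if (!is_string($rawCookie)) {
        return $next($request, $response);
    }

    // base64_decode() returns false on malformed input. A genuine cookie always
    // decodes to a JSON object (it starts with "{"); anything else is ignored.
    $rememberMeTokenStr = base64_decode($rawCookie);
    if ($rememberMeTokenStr === false || strpos($rememberMeTokenStr, "{") !== 0) {
        return $next($request, $response);
    }

    // fromString() yields a non-RememberMeToken value on invalid input.
    $rememberMeToken = RememberMeToken::fromString($rememberMeTokenStr);
    if (!$rememberMeToken instanceof RememberMeToken) {
        return $next($request, $response);
    }

    $userId = (string) $rememberMeToken->getUserId();

    // The cookie must reference a login token the provider still knows about.
    $loginToken = $this->userProvider->retrieveLoginToken($userId);
    if ($loginToken === null) {
        return $next($request, $response);
    }

    // The login-token id is compared with hash_equals() rather than === to
    // avoid a timing leak, and the per-cookie secret must verify against its
    // bcrypt hash. password_verify() is only reached when the id matches. On
    // failure the cookie is expired so the client stops presenting it.
    if (
        !hash_equals($loginToken->getToken(), $rememberMeToken->getLoginToken())
        || !password_verify($rememberMeToken->getToken(), $loginToken->getRememberMeToken())
    ) {
        $this->setRememberCookie("", time() - 42000);
        return $next($request, $response);
    }

    // Rotate the cookie secret on every successful use, so a captured cookie is
    // only valid until the legitimate client's next use. The new hash is
    // persisted before the cookie is issued, so a failed save cannot leave the
    // client holding a token the server never recorded.
    $newToken = bin2hex(random_bytes(22));
    $rememberMeToken->setToken($newToken);
    $loginToken->setRememberMeToken(password_hash($newToken, PASSWORD_BCRYPT));
    $this->loginTokenFactory->save($loginToken);
    // NOTE(review): getRememberMeExpire() only feeds the cookie lifetime here;
    // no server-side expiry check is visible in this method -- confirm the
    // provider enforces one when retrieving the login token.
    $this->setRememberCookie(base64_encode($rememberMeToken->toString()), (int) $loginToken->getRememberMeExpire());
    $this->loginToken = $loginToken;

    // Fresh session id on the privilege change (guards against session
    // fixation), then bind the user and login token to the new session.
    $this->session->regenerate();
    $this->session->set("security._user", $rememberMeToken->getUserId());
    $this->session->set("security._logintoken", $rememberMeToken->getLoginToken());
    $this->user = $this->userProvider->refreshUser($userId, $rememberMeToken->getLoginToken());

    return $next($request, $response);
}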