コード例 #1
 /**
  * A session resumed by a request whose User-Agent differs must expose neither
  * the stored data nor the fingerprint of the session that was started first.
  *
  * Both Session objects wrap the same ArraySession, so the second start()
  * operates on the storage the first one populated.
  */
 public function testStartInvalidFingerprint()
 {
     $storage = new \FabysCore\Component\Session\Type\ArraySession(
         new \FabysCore\Component\Session\Handler\NativeSessionHandler()
     );
     $storage->set("test", "value");

     // Only HTTP_USER_AGENT differs between the two requests built below.
     $sharedServerParams = [
         "REMOTE_ADDR" => "127.0.0.1",
         "REQUEST_METHOD" => "GET",
         "HTTP_HOST" => "localhost",
         "REQUEST_URI" => "/",
         "SCRIPT_NAME" => "index.php",
     ];

     $firstRequest = \FabysCore\Component\HTTP\ServerRequest::createNew(
         [],
         [],
         [],
         [],
         ["HTTP_USER_AGENT" => "test"] + $sharedServerParams
     );
     $response = new \FabysCore\Component\HTTP\Response();
     $firstSession = new \FabysCore\Component\Session\Session($storage, 60);

     // init() is expected to invoke the callback it is given; the flag records that.
     $called = false;
     $markCalled = function (
         \Psr\Http\Message\ServerRequestInterface $req,
         \Psr\Http\Message\ResponseInterface $res
     ) use (&$called) {
         $called = true;
     };

     $firstSession->init($firstRequest, $response, $markCalled);
     $this->assertTrue($called);
     $this->assertTrue($firstSession->start());
     $this->assertEquals("value", $firstSession->get("test"));

     $originalFingerprint = $firstSession->get("fabyscore._sessfingerprint");
     $this->assertNotEmpty($originalFingerprint);

     // Same client address, different User-Agent: presumably enough to make the
     // stored fingerprint mismatch - confirm against Session::start().
     $secondRequest = \FabysCore\Component\HTTP\ServerRequest::createNew(
         [],
         [],
         [],
         [],
         ["HTTP_USER_AGENT" => "changed"] + $sharedServerParams
     );
     $secondSession = new \FabysCore\Component\Session\Session($storage, 60);

     $called = false;
     $secondSession->init($secondRequest, $response, $markCalled);
     $this->assertTrue($called);
     $this->assertTrue($secondSession->start());

     // The old payload must be gone and a new fingerprint must have replaced the old one.
     // NOTE(review): these reads go through the first Session object, not the second;
     // both share $storage, so this may be intentional - confirm.
     $this->assertNull($firstSession->get("test"));
     $this->assertNotEquals($originalFingerprint, $firstSession->get("fabyscore._sessfingerprint"));
 }
コード例 #2
 /**
  * Binds the authenticated user to the session and, on request, issues a
  * remember-me token.
  *
  * Only a bcrypt hash of the remember-me token is handed to the login token
  * record; the token's string form goes to the client in a cookie.
  *
  * @param UserInterface $user       user whose id is written to the session
  * @param bool          $rememberMe whether to issue a remember-me cookie
  * @return bool always true
  */
 private function setSessionData(UserInterface $user, bool $rememberMe = false)
 {
     if ($rememberMe) {
         $persistentToken = new RememberMeToken($user->getId(), $this->loginToken->getToken());

         // Store a hash, never the raw token, so a leaked record cannot be replayed as a cookie.
         // NOTE(review): bcrypt only considers the first 72 bytes of its input - confirm the
         // value returned by getToken() stays within that.
         $tokenHash = password_hash($persistentToken->getToken(), PASSWORD_BCRYPT);
         $this->loginToken->setRememberMeToken($tokenHash);

         // The same expiry is applied to the stored record and to the cookie.
         $expiresAt = time() + $this->rememberMeLifetime;
         $this->loginToken->setRememberMeExpire($expiresAt);

         // base64 is transport encoding only; it does not protect the token.
         // NOTE(review): cookie flags (Secure, HttpOnly, SameSite) are decided in
         // setRememberCookie(), which is not visible here - confirm.
         $cookieValue = base64_encode($persistentToken->toString());
         $this->setRememberCookie($cookieValue, $expiresAt);
     }

     // regenerate() runs before the identity keys are written; presumably it rotates the
     // session id so a pre-login id cannot be reused (session fixation) - confirm.
     $this->session->regenerate();
     $this->session->set("security._user", $user->getId());
     $this->session->set("security._logintoken", $this->loginToken->getToken());

     return true;
 }
コード例 #3
 /**
  * Derives the CSRF token for a form.
  *
  * The token is the SHA-256 hex digest of the form id, the current session id
  * and the configured secret, concatenated in that order. No random value is
  * mixed in, so the result depends only on those three inputs.
  *
  * @param string $formId identifier of the form the token protects
  * @return string hex-encoded SHA-256 digest
  */
 public function generateToken(string $formId)
 {
     // NOTE(review): the secret is appended by plain concatenation and the parts are joined
     // without a separator. An HMAC keyed with the secret (hash_hmac()) over delimited fields
     // is the usual construction; switching has to be done together with the code that
     // verifies tokens, which is not visible here and should compare with hash_equals().
     $sessionId = $this->session->getSessionId();
     $material = "{$formId}{$sessionId}{$this->secret}";

     return hash("sha256", $material);
 }