/**
 * A session started by a client whose fingerprint (here: the user agent) no longer
 * matches the recorded one must be emptied and receive a fresh fingerprint.
 */
public function testStartInvalidFingerprint()
{
    $serverDefaults = [
        "REMOTE_ADDR" => "127.0.0.1",
        "REQUEST_METHOD" => "GET",
        "HTTP_HOST" => "localhost",
        "REQUEST_URI" => "/",
        "SCRIPT_NAME" => "index.php",
    ];
    // Builds a request that differs from the previous one only in the user agent.
    $makeRequest = function (string $userAgent) use ($serverDefaults) {
        return \FabysCore\Component\HTTP\ServerRequest::createNew(
            [],
            [],
            [],
            [],
            ["HTTP_USER_AGENT" => $userAgent] + $serverDefaults
        );
    };

    $initCalled = false;
    $onInit = function (\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response) use (&$initCalled) {
        $initCalled = true;
    };

    $nativeHandler = new \FabysCore\Component\Session\Handler\NativeSessionHandler();
    $store = new \FabysCore\Component\Session\Type\ArraySession($nativeHandler);
    $store->set("test", "value");
    $response = new \FabysCore\Component\HTTP\Response();

    // first client: the fingerprint gets recorded and the stored value is readable
    $session = new \FabysCore\Component\Session\Session($store, 60);
    $session->init($makeRequest("test"), $response, $onInit);
    $this->assertTrue($initCalled);
    $this->assertTrue($session->start());
    $this->assertEquals("value", $session->get("test"));
    $initialFingerprint = $session->get("fabyscore._sessfingerprint");
    $this->assertNotEmpty($initialFingerprint);

    // second client on the same store, but with a different user agent
    $session2 = new \FabysCore\Component\Session\Session($store, 60);
    $initCalled = false;
    $session2->init($makeRequest("changed"), $response, $onInit);
    $this->assertTrue($initCalled);
    $this->assertTrue($session2->start());
    // NOTE(review): these assertions read through the first instance; they can only
    // observe the invalidation because both instances share $store - $session2 is
    // probably what was meant here, confirm before changing.
    $this->assertNull($session->get("test"));
    $this->assertNotEquals($initialFingerprint, $session->get("fabyscore._sessfingerprint"));
}
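/**
 * Adds the user data to the session.
 *
 * Optionally issues a remember-me token: only its bcrypt hash is kept on the
 * login token, the raw token (presumably inside toString()) goes to the client
 * as a cookie.
 *
 * @param UserInterface $user       the authenticated user
 * @param bool          $rememberMe whether to issue a remember-me cookie
 * @return bool always true
 */
private function setSessionData(UserInterface $user, bool $rememberMe = false): bool
{
    // process remember me
    if ($rememberMe) {
        $rememberMeToken = new RememberMeToken($user->getId(), $this->loginToken->getToken());
        // Server side keeps the hash only, never the raw token.
        // NOTE(review): bcrypt hashes at most the first 72 bytes of its input -
        // confirm the token string stays below that length.
        $this->loginToken->setRememberMeToken(password_hash($rememberMeToken->getToken(), PASSWORD_BCRYPT));
        $rememberMeExpire = time() + $this->rememberMeLifetime;
        $this->loginToken->setRememberMeExpire($rememberMeExpire);
        $this->setRememberCookie(base64_encode($rememberMeToken->toString()), $rememberMeExpire);
    }

    // set session keys
    // A fresh session id before binding the user is the usual defence against
    // session fixation, so regenerate first and only then write the keys.
    $this->session->regenerate();
    $this->session->set("security._user", $user->getId());
    $this->session->set("security._logintoken", $this->loginToken->getToken());

    return true;
}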
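/**
 * Generates the CSRF token for a form.
 *
 * The digest covers the form id, the current session id and the application
 * secret, so a token is intended to be valid only for this form in this session.
 *
 * @param string $formId identifier of the form the token protects
 * @return string hex-encoded SHA-256 digest
 */
public function generateToken(string $formId): string
{
    // NOTE(review): plain concatenation without a separator leaves the field
    // boundaries ambiguous, and a keyed construction (hash_hmac with $this->secret
    // as the key) would be the conventional choice; changing it would invalidate
    // every already issued token, so the scheme is kept as is. Wherever the token
    // is verified, the comparison should go through hash_equals().
    return hash("sha256", $formId . $this->session->getSessionId() . $this->secret);
}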