/**
 * A session re-opened under a different client fingerprint must be discarded.
 *
 * Two Session wrappers share one ArraySession store. The first is initialised
 * with user agent "test", started, and the fingerprint it recorded is kept.
 * The second is initialised with user agent "changed" on the same store; after
 * it starts, the previously stored value must be gone and a new fingerprint
 * must have been written.
 *
 * NOTE(review): the closing assertions read through the first wrapper rather
 * than the second; they hold only because both wrappers sit on the same
 * backing store. Only HTTP_USER_AGENT is varied here — whether REMOTE_ADDR
 * is part of the fingerprint is not exercised by this test.
 */
public function testStartInvalidFingerprint() {
    $commonServer = [
        "REMOTE_ADDR" => "127.0.0.1",
        "REQUEST_METHOD" => "GET",
        "HTTP_HOST" => "localhost",
        "REQUEST_URI" => "/",
        "SCRIPT_NAME" => "index.php",
    ];

    // Shared backing store with one pre-existing value the second start must wipe.
    $store = new \FabysCore\Component\Session\Type\ArraySession(
        new \FabysCore\Component\Session\Handler\NativeSessionHandler()
    );
    $store->set("test", "value");

    $response = new \FabysCore\Component\HTTP\Response();

    // Init callback: records that Session::init() invoked it.
    $initCalled = false;
    $onInit = function (\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response) use (&$initCalled) {
        $initCalled = true;
    };

    // First client: user agent "test".
    $firstRequest = \FabysCore\Component\HTTP\ServerRequest::createNew(
        [], [], [], [],
        ["HTTP_USER_AGENT" => "test"] + $commonServer
    );
    $firstSession = new \FabysCore\Component\Session\Session($store, 60);
    $firstSession->init($firstRequest, $response, $onInit);
    self::assertTrue($initCalled);
    self::assertTrue($firstSession->start());
    self::assertEquals("value", $firstSession->get("test"));

    $originalFingerprint = $firstSession->get("fabyscore._sessfingerprint");
    self::assertNotEmpty($originalFingerprint);

    // Second client: same store, different user agent.
    $secondRequest = \FabysCore\Component\HTTP\ServerRequest::createNew(
        [], [], [], [],
        ["HTTP_USER_AGENT" => "changed"] + $commonServer
    );
    $secondSession = new \FabysCore\Component\Session\Session($store, 60);
    $initCalled = false;
    $secondSession->init($secondRequest, $response, $onInit);
    self::assertTrue($initCalled);
    self::assertTrue($secondSession->start());

    // The mismatched fingerprint must have invalidated the stored data.
    self::assertNull($firstSession->get("test"));
    self::assertNotEquals($originalFingerprint, $firstSession->get("fabyscore._sessfingerprint"));
}
/**
 * Restores the authenticated user from session state, then passes the
 * request on.
 *
 * The session must hold both a user id ("security._user") and a login
 * token ("security._logintoken") for a refresh to be attempted. A user id
 * without a token is an incomplete login record and is removed so it does
 * not linger on its own. The request always continues to $next.
 *
 * NOTE(review): whatever refreshUser() returns is stored in $this->user
 * unchecked; if it can yield null for a revoked or unknown token, the stale
 * session keys are not cleared here — confirm against the provider contract.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface $response
 * @param callable $next
 * @return ResponseInterface
 */
public function authenticateSession(ServerRequestInterface $request, ResponseInterface $response, callable $next) {
    $storedUserId = $this->session->get("security._user");

    if ($storedUserId !== null) {
        $storedToken = $this->session->get("security._logintoken");

        if ($storedToken === null) {
            // Orphaned user id: drop it rather than keep a half-formed login.
            $this->session->delete("security._user");
        } else {
            $this->user = $this->userProvider->refreshUser((string) $storedUserId, $storedToken);
        }
    }

    return $next($request, $response);
}