/**
 * Login issues a session, DELETE tears it down, and the torn-down session
 * can no longer GET the resource (an UnauthorizedException is expected).
 */
public function testLogout()
{
    Session::set('role.name', 'test');
    Session::set('role.id', 1);

    $user = $this->createUser(1);
    $credentials = [
        'email'    => $user['email'],
        'password' => $this->user1['password'],
    ];

    // Login: a session_id must be returned.
    $loginContent = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $credentials)->getContent();
    $this->assertFalse(empty($loginContent['session_id']));

    // Logout: the resource must report success.
    $logoutContent = $this->makeRequest(Verbs::DELETE, static::RESOURCE)->getContent();
    $this->assertTrue($logoutContent['success']);

    // After logout, reading the session must be rejected rather than served.
    $this->setExpectedException('\\DreamFactory\\Core\\Exceptions\\UnauthorizedException');
    $this->makeRequest(Verbs::GET, static::RESOURCE);
}
/**
 * Registering through the resource succeeds, and the newly registered
 * account can then log in via POST session (a session_id is returned).
 */
public function testPOSTRegister()
{
    $account = $this->user1;
    $password = Arr::get($account, 'password');

    // Profile fields are copied one-to-one from the fixture, preserving key order.
    $payload = [];
    foreach (['first_name', 'last_name', 'name', 'email', 'phone', 'security_question', 'security_answer'] as $field) {
        $payload[$field] = Arr::get($account, $field);
    }
    $payload['password'] = $password;
    // When the fixture has no explicit confirmation, the password itself is used.
    $payload['password_confirmation'] = Arr::get($account, 'password_confirmation', $password);

    // Registration is performed while authenticated as user id 1.
    Session::setUserInfoWithJWT(User::find(1));
    $registerContent = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $payload)->getContent();
    $this->assertTrue(Arr::get($registerContent, 'success'));

    // Switch to the user service and log in with the freshly registered credentials.
    Session::set('role.name', 'test');
    Session::set('role.id', 1);
    $this->service = ServiceHandler::getService('user');
    $loginContent = $this->makeRequest(Verbs::POST, 'session', [], [
        'email'    => Arr::get($account, 'email'),
        'password' => Arr::get($account, 'password'),
    ])->getContent();
    $this->assertFalse(empty(Arr::get($loginContent, 'session_id')));
}
/**
 * Store a value in the framework session under $name.
 *
 * Thin pass-through to the global `\Session` facade (fully qualified so it
 * resolves from any namespace). No validation or transformation is applied.
 *
 * @param string $name  Session key, e.g. 'role.name' or 'token_expired'
 * @param mixed  $value Value to store
 *
 * @return void
 */
public static function set($name, $value)
{
    \Session::set($name, $value);
}
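/**
 * Establish the request's session context from whatever credentials were supplied.
 *
 * Precedence, as laid out by the branches below: HTTP basic auth is tried first,
 * then a JWT, then an API-key-only (unauthenticated) session. Requests to the
 * setup routes bypass all of this and are passed straight through.
 *
 * JWT failures are deliberately NOT fatal here. The outcome is recorded in
 * session flags (token_expired, token_blacklisted, token_invalid plus a *_msg
 * companion) and the request continues, so that endpoints which do not require
 * a valid session (POST user/session to log in, PUT user/session to refresh,
 * GET system/environment) still work, and rejected calls can still be audited
 * and counted. Enforcement is expected downstream — the original note names the
 * AccessCheck middleware; confirm it consumes these flags before relying on this.
 *
 * @param Request  $request
 * @param \Closure $next
 *
 * @return array|mixed|string The downstream response, or the exception response
 *                            built by ResponseFactory when any \Exception escapes
 *                            the authentication steps.
 */
public function handle(Request $request, \Closure $next)
{
    // Setup endpoints run before any app or API key exists; skip authentication.
    // Strict comparison: the path is a string and must match exactly.
    if (in_array($request->getPathInfo(), ['/setup', '/setup_db'], true)) {
        return $next($request);
    }

    try {
        $apiKey = static::getApiKey($request);
        Session::setApiKey($apiKey);
        $appId = App::getAppIdByApiKey($apiKey);

        // The raw JWT is recorded before it is verified; verification happens below.
        $token = static::getJwt($request);
        Session::setSessionToken($token);

        $basicAuthUser = $request->getUser();
        $basicAuthPassword = $request->getPassword();

        if (!empty($basicAuthUser) && !empty($basicAuthPassword)) {
            // Basic auth takes precedence over any JWT that was also supplied.
            Auth::onceBasic();
            /** @var User $authenticatedUser */
            $authenticatedUser = Auth::user();
            if (!empty($authenticatedUser)) {
                Session::setSessionData($appId, $authenticatedUser->id);
            } else {
                // A basic-auth attempt that fails is fatal, unlike a bad JWT below.
                throw new UnauthorizedException('Unauthorized. User credentials did not match.');
            }
        } elseif (!empty($token)) {
            // JWT supplied: an authenticated user session/token is being presented.
            try {
                JWTAuth::setToken($token);
                /** @type Payload $payload */
                $payload = JWTAuth::getPayload();
                JWTUtilities::verifyUser($payload);
                Session::setSessionData($appId, $payload->get('user_id'));
            } catch (TokenExpiredException $e) {
                // Housekeeping on expiry, then defer the decision to the caller chain.
                JWTUtilities::clearAllExpiredTokenMaps();
                Session::set('token_expired', true);
                Session::set('token_expired_msg', $e->getMessage());
            } catch (TokenBlacklistedException $e) {
                Session::set('token_blacklisted', true);
                Session::set('token_blacklisted_msg', $e->getMessage());
            } catch (TokenInvalidException $e) {
                Session::set('token_invalid', true);
                Session::set('token_invalid_msg', 'Invalid token: ' . $e->getMessage());
            }
        } elseif (!empty($apiKey)) {
            // Only an API key: app-scoped session with no authenticated user.
            Session::setSessionData($appId);
        }
        // No credentials at all falls through with no session data set; downstream
        // checks decide whether the endpoint may be served anonymously.

        return $next($request);
    } catch (\Exception $e) {
        return ResponseFactory::getException($e, $request);
    }
}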
/**
 * Per-test fixture: run the parent setup, then seed the session with the
 * test role so requests made from the test are treated as role 'test' (id 1).
 */
public function setUp()
{
    parent::setUp();

    $roleContext = [
        'role.name' => 'test',
        'role.id'   => 1,
    ];
    foreach ($roleContext as $key => $value) {
        Session::set($key, $value);
    }
}
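/**
 * Establish the request's session context from whatever credentials were supplied.
 *
 * Precedence, as laid out by the branches below: HTTP basic auth is tried first,
 * then a JWT, then an API-key-only (unauthenticated) session. Requests to the
 * setup routes bypass all of this and are passed straight through.
 *
 * In this variant a blacklisted or malformed JWT is fatal (converted to an error
 * response by the outer catch); only an expired token is tolerated, recorded in
 * the token_expired / token_expired_msg session flags so the request can still
 * reach endpoints that do not need a live session. Whether anything downstream
 * reads those flags is not visible here — confirm before relying on it.
 *
 * @param Request  $request
 * @param \Closure $next
 *
 * @return array|mixed|string The downstream response, or the exception response
 *                            built by ResponseFactory when any \Exception escapes
 *                            the authentication steps.
 */
public function handle(Request $request, \Closure $next)
{
    // Setup endpoints run before any app or API key exists; skip authentication.
    // Strict comparison: the path is a string and must match exactly.
    if (in_array($request->getPathInfo(), ['/setup', '/setup_db'], true)) {
        return $next($request);
    }

    try {
        $apiKey = static::getApiKey($request);
        Session::setApiKey($apiKey);
        $appId = App::getAppIdByApiKey($apiKey);

        // The raw JWT is recorded before it is verified; verification happens below.
        $token = static::getJwt($request);
        Session::setSessionToken($token);

        $basicAuthUser = $request->getUser();
        $basicAuthPassword = $request->getPassword();

        if (!empty($basicAuthUser) && !empty($basicAuthPassword)) {
            // Basic auth takes precedence over any JWT that was also supplied.
            Auth::onceBasic();
            /** @var User $authenticatedUser */
            $authenticatedUser = Auth::user();
            if (!empty($authenticatedUser)) {
                Session::setSessionData($appId, $authenticatedUser->id);
            } else {
                throw new UnauthorizedException('Unauthorized. User credentials did not match.');
            }
        } elseif (!empty($token)) {
            // JWT supplied: an authenticated user session/token is being presented.
            try {
                JWTAuth::setToken($token);
                /** @type Payload $payload */
                $payload = JWTAuth::getPayload();
                JWTUtilities::verifyUser($payload);
                Session::setSessionData($appId, $payload->get('user_id'));
            } catch (TokenExpiredException $e) {
                // Expiry is non-fatal: housekeeping, flag it, and let the request continue.
                JWTUtilities::clearAllExpiredTokenMaps();
                Session::set('token_expired', true);
                Session::set('token_expired_msg', $e->getMessage());
            } catch (TokenBlacklistedException $e) {
                throw new ForbiddenException($e->getMessage());
            } catch (TokenInvalidException $e) {
                // NOTE(review): a BadRequestException carrying a 401 code mixes 400 and 401
                // semantics; confirm whether UnauthorizedException was intended here.
                throw new BadRequestException('Invalid token: ' . $e->getMessage(), 401);
            }
        } elseif (!empty($apiKey)) {
            // Only an API key: app-scoped session with no authenticated user.
            Session::setSessionData($appId);
        }
        // No credentials at all falls through with no session data set; downstream
        // checks decide whether the endpoint may be served anonymously.

        return $next($request);
    } catch (\Exception $e) {
        return ResponseFactory::getException($e, $request);
    }
}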