/**
 * Spec: logging out clears the security token from the session, persists the
 * session, and re-sends the session cookie using the session's name and id.
 */
function it_logs_user_out(SessionInterface $session, CookieSetterInterface $cookieSetter)
{
    $sessionName = 'MOCKEDSID';
    $sessionId = 'xyzc123';

    // Stubbed values that the code under test reads back from the session.
    $session->getName()->willReturn($sessionName);
    $session->getId()->willReturn($sessionId);

    // Expectations: the token slot is set to null and the session is saved.
    $session->set('_security_shop', null)->shouldBeCalled();
    $session->save()->shouldBeCalled();

    // Expectation: the cookie carries exactly the stubbed session name and id.
    $cookieSetter->setCookie($sessionName, $sessionId)->shouldBeCalled();

    $this->logOut();
}
/**
 * Stores a serialized security token for the given user in the session,
 * saves the session and hands the session name/id pair to the cookie setter.
 *
 * @param UserInterface $user
 */
private function logInUser(UserInterface $user)
{
    // The token carries the value returned by getPassword() as its credentials,
    // so that value ends up inside the serialized session payload.
    $credentials = $user->getPassword();
    $providerKey = 'randomstringbutnotnull';
    $token = new UsernamePasswordToken($user, $credentials, $providerKey, $user->getRoles());

    $serializedToken = serialize($token);
    $this->session->set($this->sessionTokenVariable, $serializedToken);
    $this->session->save();

    // The cookie value is the raw session id; anyone holding it holds the session.
    $cookieName = $this->session->getName();
    $cookieValue = $this->session->getId();
    $this->cookieSetter->setCookie($cookieName, $cookieValue);
}
/**
 * Checks that the session reports its initial name and, after setName() and
 * start(), reports the newly assigned name.
 */
public function testSetName()
{
    $initialName = $this->session->getName();
    $this->assertEquals('MOCKSESSID', $initialName);

    $newName = 'session.test.com';
    $this->session->setName($newName);
    $this->session->start();

    // The name must still be the custom one once the session is started.
    $this->assertEquals($newName, $this->session->getName());
}
/**
 * Builds the session cookie from the current session and the configured
 * cookie options (lifetime, path, domain, secure, httponly).
 *
 * @return Cookie
 */
protected function generateCookie()
{
    $ttl = $this->options->getInt('cookie_lifetime');

    // A lifetime of 0 is passed through unchanged; any other value is
    // converted from a duration into an absolute timestamp.
    $expiresAt = $ttl !== 0 ? $ttl + time() : $ttl;

    $name = $this->session->getName();
    $value = $this->session->getId();
    $path = $this->options['cookie_path'];
    // A falsy domain option is normalised to null.
    $domain = $this->options['cookie_domain'] ?: null;
    // Secure and HttpOnly come from configuration rather than being hard-coded.
    $secure = $this->options->getBoolean('cookie_secure');
    $httpOnly = $this->options->getBoolean('cookie_httponly');

    return new Cookie($name, $value, $expiresAt, $path, $domain, $secure, $httpOnly);
}
/**
 * Attach the session cookie (session name => session id) to the response.
 *
 * @param  \Symfony\Component\HttpFoundation\Response  $response
 * @return void
 */
protected function writeSessionTo(Response $response)
{
    // TODO: Take these values from config
    $expiresAt = Carbon::now()->addMinutes(120);

    // NOTE(review): Secure is hard-coded to false below, so the session id is
    // also sent over plain HTTP. No HttpOnly argument is passed, so that flag
    // is whatever the Cookie constructor defaults to - confirm for the
    // library version in use.
    $sessionCookie = new Cookie(
        $this->session->getName(),
        $this->session->getId(),
        $expiresAt,
        '/',
        null,
        false
    );

    $response->headers->setCookie($sessionCookie);
}
/**
 * Applies the configured session options to the native session storage once
 * the siteaccess is known, before the session is started.
 *
 * Does nothing unless this is the master request, a session is set, that
 * session is not started yet, and the storage is a NativeSessionStorage.
 *
 * @param PostSiteAccessMatchEvent $event
 */
public function onSiteAccessMatch(PostSiteAccessMatchEvent $event)
{
    if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
        return;
    }

    // Options can only be changed while the session has not been started.
    if (!isset($this->session) || $this->session->isStarted()) {
        return;
    }

    if (!($this->sessionStorage instanceof NativeSessionStorage)) {
        return;
    }

    $options = (array) $this->configResolver->getParameter('session');

    // Prefer the configured name; otherwise keep the session's current name.
    if (isset($options['name'])) {
        $baseName = $options['name'];
    } else {
        $baseName = $this->session->getName();
    }

    // The final name is derived from the base name and the matched siteaccess.
    $options['name'] = $this->getSessionName($baseName, $event->getSiteAccess());

    $this->sessionStorage->setOptions($options);
}
/**
 * {@inheritdoc}
 *
 * Looks the user up by username (using the given e-mail), stores a serialized
 * security token in the session and sets the session cookie on the Mink session.
 *
 * @throws \InvalidArgumentException when no user matches the given e-mail
 */
public function logIn($email, $providerKey, Session $minkSession)
{
    $user = $this->userRepository->findOneBy(['username' => $email]);

    if ($user === null) {
        $message = sprintf('There is no user with email %s', $email);

        throw new \InvalidArgumentException($message);
    }

    // The value returned by getPassword() travels inside the serialized token.
    $credentials = $user->getPassword();
    $token = new UsernamePasswordToken($user, $credentials, $providerKey, $user->getRoles());

    $this->session->set('_security_user', serialize($token));
    $this->session->save();

    // Give the browser session the cookie that identifies the saved session.
    $cookieName = $this->session->getName();
    $cookieValue = $this->session->getId();
    $minkSession->setCookie($cookieName, $cookieValue);
}
/**
 * Describes the current session for consumers of this configuration.
 *
 * NOTE(review): when the session is started the result contains the session
 * identifier and a CSRF token value. If this array is rendered into a page or
 * script, the session id becomes readable there - confirm who consumes it.
 *
 * @return array Always has 'isStarted'; when started, also 'name',
 *               'identifier', 'csrfToken' and 'href'.
 */
public function getConfig()
{
    if (!$this->session->isStarted()) {
        return ['isStarted' => false];
    }

    return [
        'isStarted' => true,
        'name' => $this->session->getName(),
        'identifier' => $this->session->getId(),
        'csrfToken' => $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue(),
        // Link to the REST route that deletes this session.
        'href' => $this->generateUrl(
            'ezpublish_rest_deleteSession',
            ['sessionId' => $this->session->getId()]
        ),
    ];
}
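/**
 * Starts the session from a session id sent in the request body.
 *
 * Applies only to the master request, when the session is not started, the
 * request has no previous session, and the body contains a field named after
 * the session.
 *
 * NOTE(review): the id comes straight from client-controlled input. Adopting
 * a client-chosen identifier is the precondition for session fixation, so
 * confirm that the id is regenerated on authentication (e.g. via
 * Session::migrate()) and that this fallback is still required.
 *
 * @param PostSiteAccessMatchEvent $event
 */
public function onSiteAccessMatch(PostSiteAccessMatchEvent $event)
{
    if (!$this->session || $event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
        return;
    }

    $sessionName = $this->session->getName();
    $request = $event->getRequest();

    if ($this->session->isStarted() || $request->hasPreviousSession() || !$request->request->has($sessionName)) {
        return;
    }

    // Only a non-empty string is a usable session id. Anything else (for
    // example an array-valued form field) is ignored rather than passed to
    // setId(); the session is then started with a freshly generated id.
    $postedId = $request->request->get($sessionName);
    if (is_string($postedId) && $postedId !== '') {
        $this->session->setId($postedId);
    }

    $this->session->start();
}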
/**
 * On the master request, restores the session id from an encrypted
 * 'sessionId' field in the request body.
 *
 * NOTE(review): the decrypted value is adopted as the session id without any
 * further check. Confirm that decrypt() authenticates the ciphertext and what
 * it returns or throws for tampered input.
 *
 * @param GetResponseEvent $event
 */
public function onKernelRequest(GetResponseEvent $event)
{
    if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
        return;
    }

    $request = $event->getRequest();
    if (!$request->request->has('sessionId')) {
        return;
    }

    // Put a placeholder cookie under the session name into the request's
    // cookie bag before the id is replaced.
    $request->cookies->set($this->session->getName(), 1);

    $encryptedId = $request->request->get('sessionId');
    $this->session->setId($this->encryption->decrypt($encryptedId));
}
/**
 * Serializes the token into the session, saves the session and sends the
 * session cookie through the cookie setter.
 *
 * @param TokenInterface $token
 */
private function setToken(TokenInterface $token)
{
    $this->session->set($this->sessionTokenVariable, serialize($token));
    $this->session->save();

    // Cookie name and value are the session's own name and id.
    $cookieName = $this->session->getName();
    $cookieValue = $this->session->getId();
    $this->cookieSetter->setCookie($cookieName, $cookieValue);
}
/**
 * Injects the current session state into the legacy kernel parameters and
 * disables the legacy kernel's own session cookie settings.
 *
 * @param \eZ\Publish\Core\MVC\Legacy\Event\PreBuildKernelEvent $event
 */
public function onBuildKernelHandler(PreBuildKernelEvent $event)
{
    // Defaults used when no session is configured.
    $sessionInfos = array(
        'configured' => false,
        'started' => false,
        'name' => false,
        'namespace' => false,
        'has_previous' => false,
        'storage' => false,
    );

    if (isset($this->session)) {
        $name = $this->session->getName();
        $started = $this->session->isStarted();

        if (isset($this->request)) {
            $hasPrevious = $this->request->hasPreviousSession();
        } else {
            $hasPrevious = false;
        }

        // array_replace keeps the key order of the defaults above.
        $sessionInfos = array_replace(
            $sessionInfos,
            array(
                'configured' => true,
                'name' => $name,
                'started' => $started,
                'namespace' => $this->sessionStorageKey,
                'has_previous' => $hasPrevious,
                'storage' => $this->sessionStorage,
            )
        );
    }

    $parameters = $event->getParameters();
    $parameters->set('session', $sessionInfos);

    // Deactivate session cookie settings in legacy kernel.
    // This will force using settings defined in Symfony.
    $disabledCookieSettings = array(
        'site.ini/Session/CookieTimeout' => false,
        'site.ini/Session/CookiePath' => false,
        'site.ini/Session/CookieDomain' => false,
        'site.ini/Session/CookieSecure' => false,
        'site.ini/Session/CookieHttponly' => false,
    );

    // Array union: the entries above win over already injected settings.
    $alreadyInjected = (array) $parameters->get("injected-settings");
    $parameters->set("injected-settings", $disabledCookieSettings + $alreadyInjected);
}
/**
 * Builds the session cookie from PHP's native session cookie parameters,
 * overridden by the custom values held in $this->cookies.
 *
 * @param Request $request Supplies REQUEST_TIME for the expiry calculation.
 *
 * @return Cookie
 */
protected function makeCookie(Request $request)
{
    // Custom parameters take precedence over the native PHP ones, so the
    // Secure and HttpOnly flags follow whichever source defines them last.
    $cookieParams = array_replace(session_get_cookie_params(), $this->cookies);

    // A lifetime of 0 means "until the browser closes" and is kept as is.
    // Any other lifetime is a duration and becomes an absolute expiry time
    // relative to the request time.
    $expire = $cookieParams['lifetime'];
    if ($expire !== 0) {
        $expire = $request->server->get('REQUEST_TIME') + $expire;
    }

    return new Cookie(
        $this->session->getName(),
        $this->session->getId(),
        $expire,
        $cookieParams['path'],
        $cookieParams['domain'],
        $cookieParams['secure'],
        $cookieParams['httponly']
    );
}
/**
 * Spec: logging in looks the user up by username, stores a token in the
 * session, saves the session and sends the session cookie.
 */
function it_logs_user_in(UserRepositoryInterface $userRepository, SessionInterface $session, CookieSetterInterface $cookieSetter, UserInterface $user)
{
    $email = '*****@*****.**';
    $sessionName = 'MOCKEDSID';
    $sessionId = 'xyzc123';

    // Stubs: the repository returns the user double, which exposes roles,
    // password and a serialized form.
    $userRepository->findOneBy(['username' => $email])->willReturn($user);
    $user->getRoles()->willReturn(['ROLE_USER']);
    $user->getPassword()->willReturn('xyz');
    $user->serialize()->willReturn('serialized_user');

    // Stubs: the values the code under test reads back from the session.
    $session->getName()->willReturn($sessionName);
    $session->getId()->willReturn($sessionId);

    // Expectations: some token value is stored and the session is saved.
    $session->set('_security_context_name', Argument::any())->shouldBeCalled();
    $session->save()->shouldBeCalled();

    // Expectation: the cookie carries the stubbed session name and id.
    $cookieSetter->setCookie($sessionName, $sessionId)->shouldBeCalled();

    $this->logIn($email);
}
/**
 * Logs the user in without the login form by writing a security token into
 * the session and placing the session cookie in the test client's cookie jar.
 *
 * @param BaseUser         $user
 * @param SessionInterface $session
 * @param string           $firewall Firewall name; also the suffix of the session key.
 *
 * @throws UnsupportedDriverActionException when the driver is not a BrowserKitDriver
 */
public function login(BaseUser $user, SessionInterface $session, $firewall)
{
    $driver = $this->getDriver();

    // Fall back to manual login if BrowserKitDriver is not used
    if (!($driver instanceof BrowserKitDriver)) {
        throw new UnsupportedDriverActionException("Not supported by the current driver", $driver);
    }

    $client = $driver->getClient();

    // A placeholder cookie under PHP's native session name is set first.
    $placeholder = new Cookie(session_name(), true);
    $client->getCookieJar()->set($placeholder);

    // The token is created with null credentials and the user's roles.
    $roles = $user->getRoles();
    $token = new UsernamePasswordToken($user, null, $firewall, $roles);

    $sessionKey = '_security_' . $firewall;
    $session->set($sessionKey, serialize($token));
    $session->save();

    // The real session cookie: session name => session id.
    $sessionCookie = new Cookie($session->getName(), $session->getId());
    $client->getCookieJar()->set($sessionCookie);
}
/**
 * Tells whether this request carries a session that was started by an
 * earlier request.
 *
 * True only when a session object is attached to the request and the
 * request's cookies contain an entry named after that session.
 *
 * @return bool
 *
 * @api
 */
public function hasPreviousSession()
{
    // Requiring an attached session first means a cookie that merely uses
    // the right name is not enough on its own to count as a previous session.
    if (!$this->hasSession()) {
        return false;
    }

    $cookieName = $this->session->getName();

    return (bool) $this->cookies->has($cookieName);
}
/**
 * Returns the session name as reported by the underlying storage.
 *
 * @return string
 * @since 1.9
 */
public function getName()
{
    $sessionName = $this->storage->getName();

    return $sessionName;
}
/**
 * Puts a previously saved serialized token back in place and re-sends the
 * session cookie for the current session.
 *
 * @param string $token Serialized token, passed on to setSerializedToken().
 */
private function restorePreviousSessionToken($token)
{
    $this->setSerializedToken($token);

    $cookieName = $this->session->getName();
    $cookieValue = $this->session->getId();
    $this->cookieSetter->setCookie($cookieName, $cookieValue);
}
/**
 * Returns the response with the session cookie (session name => session id)
 * added, scoped to path '/' and flagged HttpOnly.
 *
 * NOTE(review): neither a Secure nor a SameSite attribute is set on this
 * cookie - confirm whether that is intended for the deployment.
 */
private function withSessionCookie(Response $response, SessionInterface $session)
{
    $sessionCookie = SetCookie::create($session->getName(), $session->getId());
    $sessionCookie = $sessionCookie->withPath('/');
    // HttpOnly keeps the session id out of reach of page scripts.
    $sessionCookie = $sessionCookie->withHttpOnly(true);

    return FigResponseCookies::set($response, $sessionCookie);
}