public function testDoesNotLogUserOutIfUserIdAndSessionTokenMismatch()
{
$userId = 123;
$sessionToken = 'token';
$userSession = new WebServiceUserSession(999);
$this->userSessionRepository->expects($this->once())->method('LoadBySessionToken')->with($this->equalTo($sessionToken))->will($this->returnValue($userSession));
$this->webAuth->Logout($userId, $sessionToken);
$this->assertFalse($this->fakeAuth->_LogoutCalled);
}
public function testHandlesWhenUserIsNotAdmin()
{
$this->session->IsAdmin = false;
$this->server->expects($this->at(0))->method('GetHeader')->with($this->equalTo(WebServiceHeaders::SESSION_TOKEN))->will($this->returnValue($this->sessionToken));
$this->server->expects($this->at(1))->method('GetHeader')->with($this->equalTo(WebServiceHeaders::USER_ID))->will($this->returnValue($this->userId));
$this->userSessionRepository->expects($this->once())->method('LoadBySessionToken')->with($this->equalTo($this->sessionToken))->will($this->returnValue($this->session));
$wasHandled = $this->security->HandleSecureRequest($this->server, true);
$this->assertFalse($wasHandled);
$this->assertFalse($this->session->_SessionExtended);
}
