Пример #1
 /**
  * Tests that UserManagement::logOut() deletes the session row from the database.
  */
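 public function testLogOut()
 {
     // Fixture: create and activate a throw-away account.
     UserManagement::createUser("owasp1", "owasp", "*****@*****.**");
     User::activateAccount("owasp1");

     // Log the same user in three times, imitating three different devices.
     // The first login's return value is not needed by the test.
     UserManagement::logIn("owasp1", "owasp");
     $obj2 = UserManagement::logIn("owasp1", "owasp");
     $obj3 = UserManagement::logIn("owasp1", "owasp");

     // Plant a session row for the third login and expose its ID through the
     // cookie, imitating what a real browser would send back.
     // NOTE(review): presumably logOut() locates the session through this cookie;
     // confirm against UserManagement::logOut().
     $randomValue = randstr(32);
     SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array($randomValue, time(), time(), $obj3->getUserID()));
     $_COOKIE['SESSIONID'] = $randomValue;
     // NOTE(review): $_COOKIE['SESSIONID'] stays set after this test; confirm that
     // later tests do not pick up the stale value.

     // Log out on this device only. The server-side session record must be
     // deleted, not merely the client-side cookie forgotten.
     UserManagement::logOut($obj3);

     // $obj2 was never passed to logOut(), so it should still report a user ID.
     $otherLoginStillValid = $obj2->getUserID() != NULL;

     // This inspects the whole SESSION table, so it presumes no other session
     // rows exist when the test runs (TODO: confirm test isolation).
     $result = SQL("SELECT * FROM SESSION");
     $sessionRemoved = count($result) == 0;

     // Clean up before asserting so a failed assertion does not leave the
     // test account behind.
     UserManagement::deleteUser("owasp1");

     // Assert each condition separately so a failure names the broken guarantee.
     $this->assertTrue($otherLoginStillValid, 'A User object that was not passed to logOut() must still report its user ID.');
     $this->assertTrue($sessionRemoved, 'logOut() must remove the session row from the SESSION table.');
 }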