Changeset 10040

Changeset 10040

Timestamp:
07/01/08 13:09:27 (6 years ago)
Author:
fabien
Message:

fixed session id regeneration to only regenerate the id if there is a change

Files:

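--- a/branches/1.1/lib/user/sfBasicSecurityUser.class.php
+++ b/branches/1.1/lib/user/sfBasicSecurityUser.class.php
@@ -69,9 +69,10 @@
 
           unset($this->credentials[$key]);
+
+          $this->storage->regenerate(false);
+
           return;
         }
       }
-
-      $this->storage->regenerate(false);
     }
   }
@@ -104,13 +105,18 @@
     }
 
+    $added = false;
     foreach ($credentials as $aCredential)
     {
       if (!in_array($aCredential, $this->credentials))
       {
+        $added = true;
         $this->credentials[] = $aCredential;
       }
     }
 
-    $this->storage->regenerate(false);
+    if ($added)
+    {
+      $this->storage->regenerate(false);
+    }
   }
 
@@ -180,15 +186,18 @@
     }
 
-    if ($authenticated === true)
-    {
-      $this->authenticated = true;
-    }
-    else
-    {
-      $this->authenticated = false;
-      $this->clearCredentials();
-    }
-
-    $this->storage->regenerate(false);
+    if ((bool) $authenticated !== $this->authenticated)
+    {
+      if ($authenticated === true)
+      {
+        $this->authenticated = true;
+      }
+      else
+      {
+        $this->authenticated = false;
+        $this->clearCredentials();
+      }
+
+      $this->storage->regenerate(false);
+    }
   }
 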
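Review bot: In the last hunk (new lines 188-201) the guard casts with `(bool) $authenticated` while the branch inside still tests `$authenticated === true`, so the two disagree for truthy non-boolean arguments. A call with `1` while the user is unauthenticated passes the guard, falls into the else branch and regenerates the session id although the state did not change. The same call while the user is authenticated is now skipped, where the old code cleared authentication and credentials. Writing the guard as `if (($authenticated === true) !== $this->authenticated)` keeps the previous strictness. It still assumes `$this->authenticated` always holds a real boolean, which the visible lines do not show. The method's signature is outside the hunk.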
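--- a/branches/1.1/test/unit/user/sfBasicSecurityUserTest.php
+++ b/branches/1.1/test/unit/user/sfBasicSecurityUserTest.php
@@ -11,9 +11,19 @@
 require_once(dirname(__FILE__).'/../../bootstrap/unit.php');
 
-$t = new lime_test(41, new lime_output_color());
+$t = new lime_test(47, new lime_output_color());
+
+class MySessionStorage extends sfSessionTestStorage
+
+  public function regenerate($destroy = false)
+  {
+    $this->sessionId = rand(1, 9999);
+
+    return true;
+  }
+
 
 $dispatcher = new sfEventDispatcher();
 $sessionPath = sfToolkit::getTmpDir().'/sessions_'.rand(11111, 99999);
-$storage = new sfSessionTestStorage(array('session_path' => $sessionPath));
+$storage = new MySessionStorage(array('session_path' => $sessionPath));
 
 $user = new sfBasicSecurityUser($dispatcher, $storage);
@@ -36,4 +46,18 @@
 $user->setAuthenticated(false);
 $t->is($user->isAuthenticated(), false, '->setAuthenticated() accepts a boolean as its first parameter');
+
+// session id regeneration
+$user->setAuthenticated(false);
+$id = $storage->getSessionId();
+$user->setAuthenticated(true);
+$t->isnt($id, $id = $storage->getSessionId(), '->setAuthenticated() regenerates the session id if the authentication changes');
+$user->setAuthenticated(true);
+$t->is($storage->getSessionId(), $id, '->setAuthenticated() does not regenerate the session id if the authentication does not change');
+$user->addCredential('foo');
+$t->isnt($id, $id = $storage->getSessionId(), '->addCredential() regenerates the session id if a new credential is added');
+$t->is($id, $storage->getSessionId(), '->addCredential() does not regenerate the session id if the credential already exists');
+$user->removeCredential('foo');
+$t->isnt($id, $id = $storage->getSessionId(), '->removeCredential() regenerates the session id if a credential is removed');
+$t->is($id, $storage->getSessionId(), '->removeCredential() does not regenerate the session id if the credential does not exist');
 
 // ->setTimedOut() ->getTimedOut()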
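Review bot: The two "does not regenerate" assertions for credentials (new lines 58 and 61) never call the method a second time, so each compares the id just stored in `$id` with the same unchanged id and would pass even without the new guards in the class. Adding `$user->addCredential('foo');` before line 58 and `$user->removeCredential('foo');` before line 61 makes them exercise the no-change path. Separately, `MySessionStorage::regenerate()` assigns `rand(1, 9999)`, which can return the previous value and make an `isnt()` check fail sporadically; an incrementing value would be deterministic.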