*
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Security\Http\Tests\RememberMe;

use PHPUnit\Framework\TestCase;
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices;

/**
 * Tests for TokenBasedRememberMeServices: auto-login from a remember-me
 * cookie, and the cookie produced on logout, login failure and login success.
 *
 * The rejection tests (malformed value, unknown user, bad hash, expired) all
 * assert the same two things: autoLogin() returns null, and the cookie object
 * stored in the request attribute RememberMeServicesInterface::COOKIE_ATTR_NAME
 * reports isCleared(). A rejected cookie is therefore expected to be replaced
 * by a cleared one, not merely ignored.
 *
 * All secrets, passwords and names used here ('foosecret', 'foopass', ...) are
 * fixed test fixtures.
 */
class TokenBasedRememberMeServicesTest extends TestCase
{
    /**
     * A request that carries no cookie at all yields no token.
     */
    public function testAutoLoginReturnsNullWhenNoCookie()
    {
        $service = $this->getService(null, array('name' => 'foo'));

        $this->assertNull($service->autoLogin(new Request()));
    }

    /**
     * A cookie whose value was not produced by the service is rejected.
     *
     * Despite the method name, no exception is expected to reach the caller:
     * the test asserts a null return and a cleared cookie.
     */
    public function testAutoLoginThrowsExceptionOnInvalidCookie()
    {
        $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => false, 'remember_me_parameter' => 'foo'));
        $request = new Request();
        $request->request->set('foo', 'true');
        // The literal 'foo' is not a value generated by the service.
        $request->cookies->set('foo', 'foo');

        $this->assertNull($service->autoLogin($request));
        $this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
    }

    /**
     * A service-generated cookie for a user the provider cannot find is
     * rejected and cleared.
     *
     * As above, the UsernameNotFoundException thrown by the provider mock is
     * not expected to propagate out of autoLogin().
     */
    public function testAutoLoginThrowsExceptionOnNonExistentUser()
    {
        $userProvider = $this->getProvider();
        $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600));
        $request = new Request();
        $request->cookies->set('foo', $this->getCookie('fooclass', 'foouser', time() + 3600, 'foopass'));

        $userProvider
            ->expects($this->once())
            ->method('loadUserByUsername')
            ->will($this->throwException(new UsernameNotFoundException('user not found')))
        ;

        $this->assertNull($service->autoLogin($request));
        $this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
    }

    /**
     * A well-formed cookie carrying a hash the service did not compute must
     * not authenticate.
     *
     * This is the integrity check of the scheme: the cookie is built by hand
     * with the arbitrary hash 'fooHash', the user exists and its password is
     * read once, and the result must still be null with the cookie cleared.
     */
    public function testAutoLoginDoesNotAcceptCookieWithInvalidHash()
    {
        $userProvider = $this->getProvider();
        $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600));
        $request = new Request();
        // Hand-built layout: base64( class ':' base64(username) ':' expires ':' hash ).
        // NOTE(review): ':' is presumably TokenBasedRememberMeServices::COOKIE_DELIMITER - confirm.
        $request->cookies->set('foo', base64_encode('class:'.base64_encode('foouser').':123456789:fooHash'));

        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
        $user
            ->expects($this->once())
            ->method('getPassword')
            ->will($this->returnValue('foopass'))
        ;

        $userProvider
            ->expects($this->once())
            ->method('loadUserByUsername')
            ->with($this->equalTo('foouser'))
            ->will($this->returnValue($user))
        ;

        $this->assertNull($service->autoLogin($request));
        $this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
    }

    /**
     * A cookie generated by the service itself but with an expiry in the past
     * must not authenticate.
     *
     * The mocks require loadUserByUsername() and getPassword() to be called
     * exactly once each, so this test also pins that the user is loaded and
     * the password read before the expired cookie is rejected.
     */
    public function testAutoLoginDoesNotAcceptAnExpiredCookie()
    {
        $userProvider = $this->getProvider();
        $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600));
        $request = new Request();
        // Expiry is one second in the past; the rest of the value comes from the service.
        $request->cookies->set('foo', $this->getCookie('fooclass', 'foouser', time() - 1, 'foopass'));

        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
        $user
            ->expects($this->once())
            ->method('getPassword')
            ->will($this->returnValue('foopass'))
        ;

        $userProvider
            ->expects($this->once())
            ->method('loadUserByUsername')
            ->with($this->equalTo('foouser'))
            ->will($this->returnValue($user))
        ;

        $this->assertNull($service->autoLogin($request));
        $this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
    }

    /**
     * A valid, unexpired, service-generated cookie yields a RememberMeToken
     * for the loaded user, carrying the secret 'foosecret' that getService()
     * passes to the constructor.
     *
     * The data provider also supplies a username containing
     * COOKIE_DELIMITER: the provider mock must still be asked for that exact
     * username, so a delimiter inside the username must not shift or corrupt
     * the cookie fields.
     *
     * @dataProvider provideUsernamesForAutoLogin
     *
     * @param string $username
     */
    public function testAutoLogin($username)
    {
        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
        $user
            ->expects($this->once())
            ->method('getRoles')
            ->will($this->returnValue(array('ROLE_FOO')))
        ;
        $user
            ->expects($this->once())
            ->method('getPassword')
            ->will($this->returnValue('foopass'))
        ;

        $userProvider = $this->getProvider();
        $userProvider
            ->expects($this->once())
            ->method('loadUserByUsername')
            ->with($this->equalTo($username))
            ->will($this->returnValue($user))
        ;

        $service = $this->getService($userProvider, array('name' => 'foo', 'always_remember_me' => true, 'lifetime' => 3600));
        $request = new Request();
        $request->cookies->set('foo', $this->getCookie('fooclass', $username, time() + 3600, 'foopass'));

        $returnedToken = $service->autoLogin($request);

        $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken', $returnedToken);
        $this->assertSame($user, $returnedToken->getUser());
        $this->assertEquals('foosecret', $returnedToken->getSecret());
    }

    /**
     * Usernames for testAutoLogin().
     *
     * Each row is array(username, description). testAutoLogin() declares only
     * the first parameter, so the description serves as a label for the
     * reader of this provider.
     *
     * @return array
     */
    public function provideUsernamesForAutoLogin()
    {
        return array(
            array('foouser', 'Simple username'),
            array('foo'.TokenBasedRememberMeServices::COOKIE_DELIMITER.'user', 'Username might contain the delimiter'),
        );
    }

    /**
     * logout() stores a cleared cookie whose attributes follow the configured
     * options: a null path is asserted as '/', a null domain stays null, and
     * the secure / httponly flags are passed through unchanged.
     *
     * NOTE(review): 'httponly' => false is a fixture value chosen so the
     * pass-through is observable; it is not shown here to be a default.
     */
    public function testLogout()
    {
        $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null, 'secure' => true, 'httponly' => false));
        $request = new Request();
        $response = new Response();
        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();

        $service->logout($request, $response, $token);

        $cookie = $request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME);
        $this->assertTrue($cookie->isCleared());
        $this->assertEquals('/', $cookie->getPath());
        $this->assertNull($cookie->getDomain());
        $this->assertTrue($cookie->isSecure());
        $this->assertFalse($cookie->isHttpOnly());
    }

    /**
     * loginFail() stores a cleared cookie scoped to the configured path and
     * domain.
     */
    public function testLoginFail()
    {
        $service = $this->getService(null, array('name' => 'foo', 'path' => '/foo', 'domain' => 'foodomain.foo'));
        $request = new Request();

        $service->loginFail($request);

        $cookie = $request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME);
        $this->assertTrue($cookie->isCleared());
        $this->assertEquals('/foo', $cookie->getPath());
        $this->assertEquals('foodomain.foo', $cookie->getDomain());
    }

    /**
     * When the token's getUser() returns a plain string instead of a user
     * object, loginSuccess() must not add any cookie to the response.
     */
    public function testLoginSuccessIgnoresTokensWhichDoNotContainAnUserInterfaceImplementation()
    {
        $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true, 'path' => null, 'domain' => null));
        $request = new Request();
        $response = new Response();
        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
        $token
            ->expects($this->once())
            ->method('getUser')
            ->will($this->returnValue('foo'))
        ;

        // Baseline: the fresh response carries no cookies before the call.
        $cookies = $response->headers->getCookies();
        $this->assertCount(0, $cookies);

        $service->loginSuccess($request, $response, $token);

        $cookies = $response->headers->getCookies();
        $this->assertCount(0, $cookies);
    }

    /**
     * loginSuccess() with a real user adds a remember-me cookie to the
     * response under the configured domain, path and name, with the
     * configured secure and httponly flags and an expiry of about
     * now + lifetime.
     */
    public function testLoginSuccess()
    {
        $service = $this->getService(null, array('name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true));
        $request = new Request();
        $response = new Response();

        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
        $user
            ->expects($this->once())
            ->method('getPassword')
            ->will($this->returnValue('foopass'))
        ;
        $user
            ->expects($this->once())
            ->method('getUsername')
            ->will($this->returnValue('foouser'))
        ;
        $token
            ->expects($this->atLeastOnce())
            ->method('getUser')
            ->will($this->returnValue($user))
        ;

        // Baseline: the fresh response carries no cookies before the call.
        $cookies = $response->headers->getCookies();
        $this->assertCount(0, $cookies);

        $service->loginSuccess($request, $response, $token);

        // COOKIES_ARRAY indexes the result as [domain][path][name].
        $cookies = $response->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
        $cookie = $cookies['myfoodomain.foo']['/foo/path']['foo'];
        $this->assertFalse($cookie->isCleared());
        $this->assertTrue($cookie->isSecure());
        $this->assertTrue($cookie->isHttpOnly());
        // Expiry must fall within 10 seconds either side of now + 3600 (the configured lifetime).
        $this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610);
        $this->assertEquals('myfoodomain.foo', $cookie->getDomain());
        $this->assertEquals('/foo/path', $cookie->getPath());
    }

    /**
     * Builds a cookie value by invoking the service's own
     * generateCookieValue() through reflection, so that tests can start from
     * a value the service itself would produce.
     *
     * @param string $class    class name embedded in the cookie
     * @param string $username username embedded in the cookie
     * @param int    $expires  expiry timestamp embedded in the cookie
     * @param string $password password passed to the generator
     *
     * @return mixed whatever generateCookieValue() returns
     */
    protected function getCookie($class, $username, $expires, $password)
    {
        $service = $this->getService();
        $r = new \ReflectionMethod($service, 'generateCookieValue');
        // Made accessible because the test calls it from outside the service class.
        $r->setAccessible(true);

        return $r->invoke($service, $class, $username, $expires, $password);
    }

    /**
     * Invokes the service's encodeCookie() through reflection.
     *
     * No test in this class calls this helper.
     *
     * @param array $parts cookie parts handed to encodeCookie()
     *
     * @return mixed whatever encodeCookie() returns
     */
    protected function encodeCookie(array $parts)
    {
        $service = $this->getService();
        $r = new \ReflectionMethod($service, 'encodeCookie');
        $r->setAccessible(true);

        return $r->invoke($service, $parts);
    }

    /**
     * Creates the service under test with fixed fixture values.
     *
     * 'foosecret' is the value testAutoLogin() later reads back through
     * getSecret(). NOTE(review): 'fookey' is presumably the provider key -
     * confirm against the constructor.
     *
     * @param mixed $userProvider user provider; a permissive mock from getProvider() when null
     * @param array $options      options array handed to the service
     * @param mixed $logger       optional logger handed to the service
     *
     * @return TokenBasedRememberMeServices
     */
    protected function getService($userProvider = null, $options = array(), $logger = null)
    {
        if (null === $userProvider) {
            $userProvider = $this->getProvider();
        }

        $service = new TokenBasedRememberMeServices(array($userProvider), 'foosecret', 'fookey', $options, $logger);

        return $service;
    }

    /**
     * Creates a UserProviderInterface mock whose supportsClass() returns true
     * for every call, so the class name embedded in a test cookie never
     * decides the outcome of a test.
     */
    protected function getProvider()
    {
        $provider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
        $provider
            ->expects($this->any())
            ->method('supportsClass')
            ->will($this->returnValue(true))
        ;

        return $provider;
    }
}

__halt_compiler();----SIGNATURE:----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----ATTACHMENT:----NTU2MTI2NjkzMzkwNjc2OSA4OTQ1OTY1NjU0NjAxNzQ5IDMzNTk0OTc5NDA4ODM3Nzk=