fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 02:31:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add Session::getGenericToken() for general-purpose token handling

Browse source
This commit is contained in:
Kijin Sung 2017-03-06 11:24:09 +09:00
parent 81511e47b1
commit a0f2388842
2 changed files with 28 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
common/framework/session.php
View file

@ -373,6 +373,7 @@ class Session
$_SESSION['RHYMIX']['timezone'] = DateTime::getTimezoneForCurrentUser();
$_SESSION['RHYMIX']['secret'] = Security::getRandom(32, 'alnum');
$_SESSION['RHYMIX']['tokens'] = array();
$_SESSION['RHYMIX']['token'] = false;
$_SESSION['is_webview'] = self::_isBuggyUserAgent();
$_SESSION['is_new_session'] = true;
$_SESSION['is_logged'] = false;
@ -842,6 +843,26 @@ class Session
}
}
/**
* Get a generic token that is not restricted to any particular key.
*
* @return string|false
*/
public static function getGenericToken()
{
if (!self::isStarted())
{
return false;
}
if (!$_SESSION['RHYMIX']['token'])
{
$_SESSION['RHYMIX']['token'] = self::createToken('');
}
return $_SESSION['RHYMIX']['token'];
}
/**
* Create a token that can only be verified in the same session.
*

7
tests/unit/framework/SessionTest.php
View file

@ -334,9 +334,16 @@ class SessionTest extends \Codeception\TestCase\Test
$this->assertFalse(Rhymix\Framework\Session::verifyToken($token2, '/wrong/key'));
$this->assertFalse(Rhymix\Framework\Session::verifyToken(strrev($token2)));
$token3 = Rhymix\Framework\Session::getGenericToken();
$this->assertEquals(16, strlen($token3));
$this->assertTrue(Rhymix\Framework\Session::verifyToken($token3));
$this->assertTrue(Rhymix\Framework\Session::verifyToken($token3, ''));
$this->assertFalse(Rhymix\Framework\Session::verifyToken($token3, '/wrong/key'));
Rhymix\Framework\Session::destroy();
$this->assertFalse(Rhymix\Framework\Session::verifyToken($token1));
$this->assertFalse(Rhymix\Framework\Session::verifyToken($token, '/my/key'));
$this->assertFalse(Rhymix\Framework\Session::getGenericToken());
}
public function testEncryption()