From 0ebfaf991a10d7c1548162c4822ec7637d085f0e Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Mon, 26 May 2014 12:53:50 +0200
Subject: [PATCH] Fixed login errors for corrupt cookies

---
 src/Auth.php                       | 13 ++++++-
 tests/Tests/MiscTests/AuthTest.php | 60 ++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/src/Auth.php b/src/Auth.php
index be352350..6ac61c8b 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -50,7 +50,18 @@ class Auth
 		if (!isset($_COOKIE['auth']))
 			return;
 
-		$token = TextHelper::decrypt($_COOKIE['auth']);
+		try
+		{
+			$token = TextHelper::decrypt($_COOKIE['auth']);
+		}
+		catch (Exception $e)
+		{
+			return false;
+		}
+
+		if (strpos($token, '|') === false)
+			return false;
+
 		list ($name, $password) = array_map('base64_decode', explode('|', $token));
 		try
 		{
diff --git a/tests/Tests/MiscTests/AuthTest.php b/tests/Tests/MiscTests/AuthTest.php
index 2a4e7ff2..14774971 100644
--- a/tests/Tests/MiscTests/AuthTest.php
+++ b/tests/Tests/MiscTests/AuthTest.php
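Review bot: The `|` guard added before `list ($name, $password) = array_map('base64_decode', explode('|', $token));` is the only validation the token receives, and `base64_decode` in its default non-strict mode silently drops bytes outside the alphabet instead of failing, so a corrupted or tampered token that happens to contain a `|` (the test's 'bleblebleą|ćęłóśńźż') is still decoded into arbitrary name/password bytes and handed to the credential check. Decoding strictly and bailing out first keeps garbage out of the login path: `$parts = array_map(function ($p) { return base64_decode($p, true); }, explode('|', $token, 2));` then `if (in_array(false, $parts, true)) return false;` then `list ($name, $password) = $parts;`. The pre-existing early `return;` on a missing cookie and the new `return false;` branches also give the method two different failure values (null vs false), so a caller comparing strictly sees inconsistent results; `return false;` on the first branch would align them. Whether TextHelper::decrypt authenticates the ciphertext is not visible here; if it does not, the `|` check is the sole integrity signal on the cookie, which is why strict decoding is worth the extra line. The enclosing method starts and ends outside the hunk.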
@@ -20,6 +20,66 @@ class AuthTest extends AbstractTest
 		$this->assert->areEqual(time(), $user->getLastLoginTime());
 	}
 
+	public function testAutoLogin()
+	{
+		Core::getConfig()->registration->staffActivation = false;
+		Core::getConfig()->registration->needEmailForRegistering = false;
+
+		$user = $this->prepareValidUser();
+		UserModel::save($user);
+
+		$token = base64_encode('existing') . '|' . base64_encode('bleee');
+		$_COOKIE['auth'] = TextHelper::encrypt($token);
+
+		$this->assert->doesNotThrow(function()
+		{
+			Auth::tryAutoLogin();
+		});
+
+		$this->assert->isTrue(Auth::isLoggedIn());
+
+		$user = UserModel::getByName($user->getName());
+		$this->assert->areEqual(time(), $user->getLastLoginTime());
+	}
+
+	public function testAutoLoginInvalidToken()
+	{
+		Core::getConfig()->registration->staffActivation = false;
+		Core::getConfig()->registration->needEmailForRegistering = false;
+
+		$user = $this->prepareValidUser();
+		UserModel::save($user);
+
+		$token = 'bleblebleąćęłóśńźż';
+		$_COOKIE['auth'] = TextHelper::encrypt($token);
+
+		$this->assert->doesNotThrow(function()
+		{
+			Auth::tryAutoLogin();
+		});
+
+		$this->assert->isFalse(Auth::isLoggedIn());
+
+		$token = 'bleblebleą|ćęłóśńźż';
+		$_COOKIE['auth'] = TextHelper::encrypt($token);
+
+		$this->assert->doesNotThrow(function()
+		{
+			Auth::tryAutoLogin();
+		});
+
+		$this->assert->isFalse(Auth::isLoggedIn());
+
+		$_COOKIE['auth'] = 'complete nonsense';
+
+		$this->assert->doesNotThrow(function()
+		{
+			Auth::tryAutoLogin();
+		});
+
+		$this->assert->isFalse(Auth::isLoggedIn());
+	}
+
 	public function testLoginViaEmail()
 	{
 		Core::getConfig()->registration->staffActivation = false;
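Review bot: Both new tests write `$_COOKIE['auth']` and never clear it, so the last value ('complete nonsense') survives into whatever test runs next — `testLoginViaEmail` directly below, which may not expect a cookie at all; unless `AbstractTest` resets superglobals between tests (not visible here), add `unset($_COOKIE['auth']);` at the end of each test or in a tear-down hook. In `testAutoLoginInvalidToken` the three malformed-cookie scenarios share one method, so once `Auth::isLoggedIn()` is false after the first cookie the later `isFalse` assertions cannot tell a rejected token from untouched state; one test per malformed cookie, or an explicit logged-out assertion before each `tryAutoLogin()`, makes each case prove something on its own. `$this->assert->areEqual(time(), $user->getLastLoginTime());` in `testAutoLogin` copies the existing pattern but fails whenever a second boundary falls between the login and the assertion; a one-second tolerance or an injected clock would remove that flake.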