Fixed login errors for corrupt cookies
parent
8b48ba727e
commit
0ebfaf991a
2 changed files with 72 additions and 1 deletions
13
src/Auth.php
13
src/Auth.php
|
@ -50,7 +50,18 @@ class Auth
|
|||
if (!isset($_COOKIE['auth']))
|
||||
return;
|
||||
|
||||
$token = TextHelper::decrypt($_COOKIE['auth']);
|
||||
try
|
||||
{
|
||||
$token = TextHelper::decrypt($_COOKIE['auth']);
|
||||
}
|
||||
catch (Exception $e)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if (strpos($token, '|') === false)
|
||||
return false;
|
||||
|
||||
list ($name, $password) = array_map('base64_decode', explode('|', $token));
|
||||
try
|
||||
{
|
||||
|
|
|
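Review bot: The new `strpos` guard only checks that a `|` is present, but the decode on the following line still runs `base64_decode` in lenient mode, so a cookie whose halves are not valid base64 (the `bleblebleą|ćęłóśńźż` case in the tests) yields silently mangled `$name`/`$password` bytes that are passed on to the lookup instead of being rejected up front, and any third `|` segment is dropped without notice. Decoding strictly and bailing out on failure makes the rejection explicit: `$parts = array_map(function ($p) { return base64_decode($p, true); }, explode('|', $token, 2));` / `if (in_array(false, $parts, true)) return false;` / `list ($name, $password) = $parts;`. The added `return false;` exits also disagree with the existing bare `return;` above the `try` for the missing-cookie case, so a caller that compares the result strictly sees `null` for one failure and `false` for the others; one return value for every early exit would be clearer. The enclosing method (presumably `tryAutoLogin`, judging from the tests) starts and ends outside the hunk, and the second `try` opened at the bottom continues past it.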
@ -20,6 +20,66 @@ class AuthTest extends AbstractTest
|
|||
$this->assert->areEqual(time(), $user->getLastLoginTime());
|
||||
}
|
||||
|
||||
public function testAutoLogin()
|
||||
{
|
||||
Core::getConfig()->registration->staffActivation = false;
|
||||
Core::getConfig()->registration->needEmailForRegistering = false;
|
||||
|
||||
$user = $this->prepareValidUser();
|
||||
UserModel::save($user);
|
||||
|
||||
$token = base64_encode('existing') . '|' . base64_encode('bleee');
|
||||
$_COOKIE['auth'] = TextHelper::encrypt($token);
|
||||
|
||||
$this->assert->doesNotThrow(function()
|
||||
{
|
||||
Auth::tryAutoLogin();
|
||||
});
|
||||
|
||||
$this->assert->isTrue(Auth::isLoggedIn());
|
||||
|
||||
$user = UserModel::getByName($user->getName());
|
||||
$this->assert->areEqual(time(), $user->getLastLoginTime());
|
||||
}
|
||||
|
||||
public function testAutoLoginInvalidToken()
|
||||
{
|
||||
Core::getConfig()->registration->staffActivation = false;
|
||||
Core::getConfig()->registration->needEmailForRegistering = false;
|
||||
|
||||
$user = $this->prepareValidUser();
|
||||
UserModel::save($user);
|
||||
|
||||
$token = 'bleblebleąćęłóśńźż';
|
||||
$_COOKIE['auth'] = TextHelper::encrypt($token);
|
||||
|
||||
$this->assert->doesNotThrow(function()
|
||||
{
|
||||
Auth::tryAutoLogin();
|
||||
});
|
||||
|
||||
$this->assert->isFalse(Auth::isLoggedIn());
|
||||
|
||||
$token = 'bleblebleą|ćęłóśńźż';
|
||||
$_COOKIE['auth'] = TextHelper::encrypt($token);
|
||||
|
||||
$this->assert->doesNotThrow(function()
|
||||
{
|
||||
Auth::tryAutoLogin();
|
||||
});
|
||||
|
||||
$this->assert->isFalse(Auth::isLoggedIn());
|
||||
|
||||
$_COOKIE['auth'] = 'complete nonsense';
|
||||
|
||||
$this->assert->doesNotThrow(function()
|
||||
{
|
||||
Auth::tryAutoLogin();
|
||||
});
|
||||
|
||||
$this->assert->isFalse(Auth::isLoggedIn());
|
||||
}
|
||||
|
||||
public function testLoginViaEmail()
|
||||
{
|
||||
Core::getConfig()->registration->staffActivation = false;
|
||||
|
|
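Review bot: `testAutoLoginInvalidToken` returns with `$_COOKIE['auth'] = 'complete nonsense'` still set, and `testAutoLogin` likewise leaves its encrypted token in the superglobal, so whichever test runs next (`testLoginViaEmail` directly below, for instance) starts with a stale auto-login cookie unless a teardown not shown here clears it; ending each test with `unset($_COOKIE['auth']);`, or resetting it in the fixture's teardown, keeps the cases independent. The `areEqual(time(), $user->getLastLoginTime())` assertion added in `testAutoLogin` can fail whenever the clock ticks over between `Auth::tryAutoLogin()` and the assertion; capturing `$before = time();` ahead of the call and asserting `$user->getLastLoginTime() >= $before` would be stable. Packing three invalid-token scenarios into one method also means a failure on the first hides the other two, so separate tests (or a data provider) would give clearer diagnostics.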