Added token purpose check to authentication

Marcin Kurczewski 2014-09-07 18:07:24 +02:00
parent e6b37d8e57
commit 9a7082c269
2 changed files with 4 additions and 0 deletions


@ -69,6 +69,9 @@ class AuthService
if (!$loginToken) if (!$loginToken)
throw new \Exception('Invalid login token.'); throw new \Exception('Invalid login token.');
if ($loginToken->purpose != \Szurubooru\Entities\Token::PURPOSE_LOGIN)
throw new \Exception('This token is not a login token.');
$this->loginToken = $loginToken; $this->loginToken = $loginToken;
$this->loggedInUser = $this->userDao->getById($loginToken->additionalData); $this->loggedInUser = $this->userDao->getById($loginToken->additionalData);
if (!$this->loggedInUser) if (!$this->loggedInUser)
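Review bot: The new purpose check uses the loose `!=`, so PHP type juggling decides whether a token is accepted as a login token. Neither the value of `Token::PURPOSE_LOGIN` nor how `purpose` is loaded is visible here, so a null or differently typed purpose may compare equal and pass. In an authentication path a strict comparison is safer, with the type normalised first if the DAO returns strings: `if ($loginToken->purpose !== \Szurubooru\Entities\Token::PURPOSE_LOGIN)`. The enclosing method starts and ends outside this hunk, so I cannot see how the exception reaches the client. If the message is returned verbatim, reusing 'Invalid login token.' would avoid revealing that a token exists but has another purpose.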


@ -80,6 +80,7 @@ class AuthServiceTest extends \Szurubooru\Tests\AbstractTestCase
$testToken = new \Szurubooru\Entities\Token(); $testToken = new \Szurubooru\Entities\Token();
$testToken->name = 'dummy_token'; $testToken->name = 'dummy_token';
$testToken->additionalData = $testUser->id; $testToken->additionalData = $testUser->id;
$testToken->purpose = \Szurubooru\Entities\Token::PURPOSE_LOGIN;
$this->tokenDaoMock->expects($this->once())->method('getByName')->willReturn($testToken); $this->tokenDaoMock->expects($this->once())->method('getByName')->willReturn($testToken);
$authService = $this->getAuthService(); $authService = $this->getAuthService();
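Review bot: Only the accepting path is exercised here. The fixture is given `PURPOSE_LOGIN` so the existing test keeps passing, but nothing in this section asserts that a token with any other purpose is rejected, which is the behaviour the commit adds. I would add a companion test that sets `$testToken->purpose` to a non-login value, returns that token from `getByName`, and expects the exception with no user left logged in. The test method starts and ends outside this hunk, so such a case may already exist elsewhere in the file.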