SessionManager+LoginManager: fix checkLoginState logic
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
This commit is contained in:
parent
704637bfeb
commit
8edd7f1588
3 changed files with 15 additions and 7 deletions
|
@ -95,7 +95,6 @@ class LoginManager
|
|||
// The user client has a valid stay-signed-in cookie
|
||||
// Session information is updated with the current client information
|
||||
$this->sessionManager->storeLoginInfo($clientIpId);
|
||||
$this->isLoggedIn = true;
|
||||
|
||||
} elseif ($this->sessionManager->hasSessionExpired()
|
||||
|| $this->sessionManager->hasClientIpChanged($clientIpId)
|
||||
|
@ -105,6 +104,7 @@ class LoginManager
|
|||
return;
|
||||
}
|
||||
|
||||
$this->isLoggedIn = true;
|
||||
$this->sessionManager->extendSession();
|
||||
}
|
||||
|
||||
|
|
|
@ -169,6 +169,9 @@ class SessionManager
|
|||
*/
|
||||
public function hasSessionExpired()
|
||||
{
|
||||
if (empty($this->session['expires_on'])) {
|
||||
return true;
|
||||
}
|
||||
if (time() >= $this->session['expires_on']) {
|
||||
return true;
|
||||
}
|
||||
|
@ -188,7 +191,7 @@ class SessionManager
|
|||
if ($this->conf->get('security.session_protection_disabled') === true) {
|
||||
return false;
|
||||
}
|
||||
if ($this->session['ip'] == $clientIpId) {
|
||||
if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
|
@ -84,10 +84,7 @@ class LoginManagerTest extends TestCase
|
|||
$this->globals = &$GLOBALS;
|
||||
unset($this->globals['IPBANS']);
|
||||
|
||||
$this->session = [
|
||||
'expires_on' => time() + 100,
|
||||
'ip' => $this->clientIpAddress,
|
||||
];
|
||||
$this->session = [];
|
||||
|
||||
$this->sessionManager = new SessionManager($this->session, $this->configManager);
|
||||
$this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
|
||||
|
@ -281,12 +278,18 @@ class LoginManagerTest extends TestCase
|
|||
*/
|
||||
public function testCheckLoginStateStaySignedInWithInvalidToken()
|
||||
{
|
||||
// simulate a previous login
|
||||
$this->session = [
|
||||
'ip' => $this->clientIpAddress,
|
||||
'expires_on' => time() + 100,
|
||||
];
|
||||
$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
|
||||
$this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope';
|
||||
|
||||
$this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
|
||||
|
||||
$this->assertFalse($this->loginManager->isLoggedIn());
|
||||
$this->assertTrue($this->loginManager->isLoggedIn());
|
||||
$this->assertTrue(empty($this->session['username']));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -300,6 +303,8 @@ class LoginManagerTest extends TestCase
|
|||
$this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
|
||||
|
||||
$this->assertTrue($this->loginManager->isLoggedIn());
|
||||
$this->assertEquals($this->login, $this->session['username']);
|
||||
$this->assertEquals($this->clientIpAddress, $this->session['ip']);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue