‪TYPO3CMS  11.5
UserSessionManagerTest.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
namespace TYPO3\CMS\Core\Tests\Unit\Session;

use Prophecy\Argument;
use Prophecy\PhpUnit\ProphecyTrait;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Authentication\IpLocker;
use TYPO3\CMS\Core\Http\NormalizedParams;
use TYPO3\CMS\Core\Session\Backend\Exception\SessionNotFoundException;
use TYPO3\CMS\Core\Session\Backend\SessionBackendInterface;
use TYPO3\CMS\Core\Session\UserSession;
use TYPO3\CMS\Core\Session\UserSessionManager;
use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
30 
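/**
 * Unit tests for UserSessionManager: expiry calculation, building a session
 * from a request cookie, refreshing a session and persisting an anonymous one.
 *
 * The rendered listing drops doc comments and two method declarations. The
 * `@test` / `@dataProvider` annotations and the two signatures are restored
 * here, because none of the method names carries the `test` prefix PHPUnit
 * would otherwise need to collect them.
 */
class UserSessionManagerTest extends UnitTestCase
{
    use ProphecyTrait;

    /**
     * Fixes the encryption key to an empty string for every test.
     *
     * The cookie-signing key built in
     * createFromRequestOrAnonymousCreatesProperSessionObjects() is derived from
     * this value, so with an empty key it depends only on the class name and
     * the host. That is fine for a fixture; a deployment needs a secret,
     * non-empty key or the signature can be recomputed by anyone.
     */
    protected function setUp(): void
    {
        parent::setUp();
        $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] = '';
    }

    /**
     * Data sets for willExpireWillExpire(): session lifetime, grace period and
     * the expected willExpire() result. The first set is the boundary where
     * the grace period equals the lifetime.
     *
     * @return list<array{sessionLifetime: int, gracePeriod: int, shouldBeMarkedAsExpired: bool}>
     */
    public function willExpireDataProvider(): array
    {
        return [
            [
                'sessionLifetime' => 120,
                'gracePeriod' => 120,
                'shouldBeMarkedAsExpired' => true,
            ],
            [
                'sessionLifetime' => 120,
                'gracePeriod' => 60,
                'shouldBeMarkedAsExpired' => false,
            ],
            [
                'sessionLifetime' => 120,
                'gracePeriod' => 240,
                'shouldBeMarkedAsExpired' => true,
            ],
        ];
    }

    /**
     * A fresh anonymous session is reported as about to expire only when the
     * grace period reaches the configured lifetime.
     *
     * @test
     * @dataProvider willExpireDataProvider
     */
    public function willExpireWillExpire(int $sessionLifetime, int $gracePeriod, bool $expectedResult): void
    {
        $sessionBackendProphecy = $this->prophesize(SessionBackendInterface::class);
        $subject = new UserSessionManager(
            $sessionBackendProphecy->reveal(),
            $sessionLifetime,
            new IpLocker(0, 0),
            'FE'
        );
        $session = $subject->createAnonymousSession();
        // Strict comparison: a truthy non-bool result must not pass.
        self::assertSame($expectedResult, $subject->willExpire($session, $gracePeriod));
    }

    /**
     * With a 60 second lifetime, a session last touched 500 seconds ago has
     * expired and one touched "now" has not.
     *
     * NOTE(review): the rendered listing shows no doc comment above this
     * method; if the repository file lacks `@test` here as well, PHPUnit would
     * never have collected it. Confirm against the repository.
     *
     * @test
     */
    public function hasExpiredIsCalculatedCorrectly(): void
    {
        // Read the clock once so EXEC_TIME and both fixtures share one instant.
        $now = time();
        $GLOBALS['EXEC_TIME'] = $now;
        $sessionBackendProphecy = $this->prophesize(SessionBackendInterface::class);
        $subject = new UserSessionManager(
            $sessionBackendProphecy->reveal(),
            60,
            new IpLocker(0, 0),
            'FE'
        );
        $expiredSession = UserSession::createFromRecord('random-string', ['ses_tstamp' => $now - 500]);
        self::assertTrue($subject->hasExpired($expiredSession));
        $newSession = UserSession::createFromRecord('random-string', ['ses_tstamp' => $now]);
        self::assertFalse($subject->hasExpired($newSession));
    }

    /**
     * createFromRequestOrAnonymous() returns a new anonymous session when the
     * cookie is missing or unknown to the backend, and the stored session when
     * the cookie carries `<session id>.<HMAC-SHA256 of the id>`.
     *
     * NOTE(review): the rejected cookie ('invalid-session') carries no
     * signature at all, and the backend mock throws for it. A cookie with a
     * known id and a wrong MAC is not exercised here, so signature rejection
     * itself deserves a dedicated case.
     *
     * @test
     */
    public function createFromRequestOrAnonymousCreatesProperSessionObjects(): void
    {
        $cookieDomain = 'example.org';
        $normalizedParams = $this->createMock(NormalizedParams::class);
        $normalizedParams->method('getRequestHostOnly')->willReturn($cookieDomain);
        // Signing key: encryption key, session class and request host, condensed
        // with sha1. The MAC over the session id is HMAC-SHA256.
        $key = sha1($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . '/' . UserSession::class . '/' . $cookieDomain);
        $sessionId = 'valid-session';
        $signature = hash_hmac('sha256', $sessionId, $key);
        $validSession = $sessionId . '.' . $signature;
        $sessionBackendProphecy = $this->prophesize(SessionBackendInterface::class);
        $sessionBackendProphecy->get('invalid-session')->willThrow(SessionNotFoundException::class);
        // ses_data is stored PHP-serialized, so the reader has to unserialize it.
        // NOTE(review): that is only safe while the backend holds nothing but
        // server-written data - confirm for custom session backends.
        $sessionBackendProphecy->get($validSession)->willReturn([
            'ses_id' => 'valid-session',
            'ses_userid' => 13,
            'ses_data' => serialize(['propertyA' => 42, 'propertyB' => 'great']),
            'ses_tstamp' => time(),
            'ses_iplock' => IpLocker::DISABLED_LOCK_VALUE,
        ]);
        $subject = new UserSessionManager(
            $sessionBackendProphecy->reveal(),
            50,
            new IpLocker(0, 0),
            'FE'
        );
        $request = $this->prophesize(ServerRequestInterface::class);
        $request->getCookieParams()->willReturn([]);
        $request->getServerParams()->willReturn(['HTTP_HOST' => $cookieDomain]);
        $request->getAttribute('normalizedParams')->willReturn($normalizedParams);
        // NOTE(review): this global is not reset in this class; confirm the base
        // test case restores globals so the mock cannot leak into later tests.
        $GLOBALS['TYPO3_REQUEST'] = $request->reveal();

        // No cookie at all.
        $anonymousSession = $subject->createFromRequestOrAnonymous($request->reveal(), 'foo');
        self::assertTrue($anonymousSession->isNew());
        self::assertTrue($anonymousSession->isAnonymous());

        // Cookie 'foo' is unknown to the backend, cookie 'bar' is the signed one.
        $request->getCookieParams()->willReturn(['foo' => 'invalid-session', 'bar' => $validSession]);
        $anonymousSessionFromInvalidBackendRequest = $subject->createFromRequestOrAnonymous($request->reveal(), 'foo');
        self::assertTrue($anonymousSessionFromInvalidBackendRequest->isNew());
        self::assertTrue($anonymousSessionFromInvalidBackendRequest->isAnonymous());
        $persistedSession = $subject->createFromRequestOrAnonymous($request->reveal(), 'bar');

        self::assertSame(13, $persistedSession->getUserId());
        self::assertFalse($persistedSession->isAnonymous());
        self::assertFalse($persistedSession->isNew());
        self::assertSame(42, $persistedSession->get('propertyA'));
        self::assertSame('great', $persistedSession->get('propertyB'));
        self::assertNull($persistedSession->get('propertyC'));
    }

    /**
     * updateSession() returns a session whose last-updated time is the
     * `ses_tstamp` of the record the backend hands back.
     *
     * @test
     */
    public function updateSessionWillSetLastUpdated(): void
    {
        $sessionBackendProphecy = $this->prophesize(SessionBackendInterface::class);
        $sessionBackendProphecy->update(Argument::any(), Argument::any())->willReturn([
            'ses_id' => 'valid-session',
            'ses_userid' => 13,
            'ses_data' => serialize(['propertyA' => 42, 'propertyB' => 'great']),
            'ses_tstamp' => 7654321,
            'ses_iplock' => IpLocker::DISABLED_LOCK_VALUE,
        ]);
        $subject = new UserSessionManager(
            $sessionBackendProphecy->reveal(),
            60,
            new IpLocker(0, 0),
            'FE'
        );
        $session = UserSession::createFromRecord('random-string', ['ses_tstamp' => time() - 500]);
        $session = $subject->updateSession($session);
        self::assertSame(7654321, $session->getLastUpdated());
    }

    /**
     * fixateAnonymousSession() returns a session built from the record the
     * backend stored: no user id, IP lock disabled, backend timestamp.
     *
     * @test
     */
    public function fixateAnonymousSessionWillUpdateSessionObject(): void
    {
        $sessionBackendProphecy = $this->prophesize(SessionBackendInterface::class);
        $sessionBackendProphecy->set(Argument::any(), Argument::any())->willReturn([
            'ses_id' => 'valid-session',
            'ses_userid' => 0,
            'ses_data' => serialize(['propertyA' => 42, 'propertyB' => 'great']),
            'ses_tstamp' => 7654321,
            'ses_iplock' => IpLocker::DISABLED_LOCK_VALUE,
        ]);
        $subject = new UserSessionManager(
            $sessionBackendProphecy->reveal(),
            60,
            new IpLocker(0, 0),
            'FE'
        );
        $session = UserSession::createFromRecord('random-string', ['ses_tstamp' => time() - 500]);
        $session = $subject->fixateAnonymousSession($session);
        self::assertSame(IpLocker::DISABLED_LOCK_VALUE, $session->getIpLock());
        // A stored user id of 0 surfaces as "no user".
        self::assertNull($session->getUserId());
        self::assertSame(7654321, $session->getLastUpdated());
    }
}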
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest
Definition: UserSessionManagerTest.php:32
‪TYPO3\CMS\Core\Tests\Unit\Session
‪TYPO3\CMS\Core\Session\UserSession\createFromRecord
‪static UserSession createFromRecord(string $id, array $record, bool $markAsNew=false)
Definition: UserSession.php:224
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\setUp
‪setUp()
Definition: UserSessionManagerTest.php:34
‪TYPO3\CMS\Core\Session\UserSession
Definition: UserSession.php:39
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\willExpireDataProvider
‪willExpireDataProvider()
Definition: UserSessionManagerTest.php:40
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface
Definition: SessionBackendInterface.php:28
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\willExpireWillExpire
‪willExpireWillExpire(int $sessionLifetime, int $gracePeriod, bool $expectedResult)
Definition: UserSessionManagerTest.php:65
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\fixateAnonymousSessionWillUpdateSessionObject
‪fixateAnonymousSessionWillUpdateSessionObject()
Definition: UserSessionManagerTest.php:171
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\updateSessionWillSetLastUpdated
‪updateSessionWillSetLastUpdated()
Definition: UserSessionManagerTest.php:147
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Authentication\IpLocker
Definition: IpLocker.php:26
‪TYPO3\CMS\Core\Authentication\IpLocker\DISABLED_LOCK_VALUE
‪const DISABLED_LOCK_VALUE
Definition: IpLocker.php:27
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\createFromRequestOrAnonymousCreatesProperSessionObjects
‪createFromRequestOrAnonymousCreatesProperSessionObjects()
Definition: UserSessionManagerTest.php:97
‪TYPO3\CMS\Core\Session\Backend\Exception\SessionNotFoundException
Definition: SessionNotFoundException.php:23
‪TYPO3\CMS\Core\Session\UserSessionManager
Definition: UserSessionManager.php:38
‪TYPO3\CMS\Core\Http\NormalizedParams
Definition: NormalizedParams.php:35
‪TYPO3\CMS\Core\Tests\Unit\Session\UserSessionManagerTest\hasExpiredIsCalculatedCorrectly
‪hasExpiredIsCalculatedCorrectly()
Definition: UserSessionManagerTest.php:78