Signed-off-by: VirtualTam <virtualtam@flibidi.net>
// The user client has a valid stay-signed-in cookie
// Session information is updated with the current client information
$this->sessionManager->storeLoginInfo($clientIpId);
// The user client has a valid stay-signed-in cookie
// Session information is updated with the current client information
$this->sessionManager->storeLoginInfo($clientIpId);
- $this->isLoggedIn = true;
} elseif ($this->sessionManager->hasSessionExpired()
|| $this->sessionManager->hasClientIpChanged($clientIpId)
} elseif ($this->sessionManager->hasSessionExpired()
|| $this->sessionManager->hasClientIpChanged($clientIpId)
+ $this->isLoggedIn = true;
$this->sessionManager->extendSession();
}
$this->sessionManager->extendSession();
}
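Review bot: With `$this->isLoggedIn = true;` moved below the `elseif`, "logged in" becomes the fall-through result of checkLoginState(), so every path that reaches this line without returning is treated as authenticated. The body of the `elseif` branch is not visible in this section; for an expired session or a changed client IP it has to log out and return before the assignment, and a test with an invalid cookie and no prior session would pin that. I would add a comment above the assignment stating the invariant, `// reached only with a valid stay-signed-in cookie, or an unexpired session from the same client`. The function starts and ends outside the lines shown.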
*/
public function hasSessionExpired()
{
*/
public function hasSessionExpired()
{
+ if (empty($this->session['expires_on'])) {
+ return true;
+ }
if (time() >= $this->session['expires_on']) {
return true;
}
if (time() >= $this->session['expires_on']) {
return true;
}
if ($this->conf->get('security.session_protection_disabled') === true) {
return false;
}
if ($this->conf->get('security.session_protection_disabled') === true) {
return false;
}
- if ($this->session['ip'] == $clientIpId) {
+ if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) {
return false;
}
return true;
return false;
}
return true;
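Review bot: The new `empty($this->session['expires_on'])` guard in hasSessionExpired() and the `isset($this->session['ip'])` check in hasClientIpChanged() both make a session with missing fields fail closed, but neither line says that this is intended. Because the login decision rests on these two predicates, I would add `// no expiry recorded: treat the session as expired` above the first guard and `// a session without a recorded client IP counts as changed` above the comparison. The switch to `===` also means the stored `ip` and `$clientIpId` must have the same type; if the code that stores the value (not visible here) ever writes a different type, every request would be logged out, so the docblock should say both are strings.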
$this->globals = &$GLOBALS;
unset($this->globals['IPBANS']);
$this->globals = &$GLOBALS;
unset($this->globals['IPBANS']);
- $this->session = [
- 'expires_on' => time() + 100,
- 'ip' => $this->clientIpAddress,
- ];
$this->sessionManager = new SessionManager($this->session, $this->configManager);
$this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
$this->sessionManager = new SessionManager($this->session, $this->configManager);
$this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
*/
public function testCheckLoginStateStaySignedInWithInvalidToken()
{
*/
public function testCheckLoginStateStaySignedInWithInvalidToken()
{
+ // simulate a previous login
+ $this->session = [
+ 'ip' => $this->clientIpAddress,
+ 'expires_on' => time() + 100,
+ ];
$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
$this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope';
$this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
$this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope';
$this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
- $this->assertFalse($this->loginManager->isLoggedIn());
+ $this->assertTrue($this->loginManager->isLoggedIn());
+ $this->assertTrue(empty($this->session['username']));
$this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
$this->assertTrue($this->loginManager->isLoggedIn());
$this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
$this->assertTrue($this->loginManager->isLoggedIn());
+ $this->assertEquals($this->login, $this->session['username']);
+ $this->assertEquals($this->clientIpAddress, $this->session['ip']);