mirror of
https://github.com/flarum/framework.git
synced 2024-12-12 14:13:37 +08:00
08ba2599d7
- Make session token-based instead of user-based - Clear current session access tokens on logout - Introduce increment ID so we can show tokens to moderators in the future without exposing secrets - Switch to type classes to manage the different token types. New implementation fixes #2075 - Drop ability to customize lifetime per-token - Add developer access keys that don't expire. These must be created from the database for now - Add title in preparation for the developer token UI - Add IP and user agent logging - Delete all non-remember tokens in migration
98 lines
2.4 KiB
PHP
98 lines
2.4 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of Flarum.
|
|
*
|
|
* For detailed copyright and license information, please view the
|
|
* LICENSE file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Flarum\Tests\integration\api\access_tokens;
|
|
|
|
use Carbon\Carbon;
|
|
use Flarum\Tests\integration\RetrievesAuthorizedUsers;
|
|
use Flarum\Tests\integration\TestCase;
|
|
|
|
class RemembererTest extends TestCase
|
|
{
|
|
use RetrievesAuthorizedUsers;
|
|
|
|
/**
|
|
* @inheritDoc
|
|
*/
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
$this->prepareDatabase([
|
|
'access_tokens' => [
|
|
['token' => 'a', 'user_id' => 1, 'last_activity_at' => Carbon::parse('2021-01-01 02:00:00'), 'type' => 'session'],
|
|
['token' => 'b', 'user_id' => 1, 'last_activity_at' => Carbon::parse('2021-01-01 02:00:00'), 'type' => 'session_remember'],
|
|
],
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function non_remember_tokens_cannot_be_used()
|
|
{
|
|
$this->populateDatabase();
|
|
|
|
Carbon::setTestNow('2021-01-01 02:30:00');
|
|
|
|
$response = $this->send(
|
|
$this->request('GET', '/api')->withCookieParams([
|
|
'flarum_remember' => 'a',
|
|
])
|
|
);
|
|
|
|
Carbon::setTestNow();
|
|
|
|
$data = json_decode($response->getBody(), true);
|
|
$this->assertFalse($data['data']['attributes']['canViewUserList']);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function expired_tokens_cannot_be_used()
|
|
{
|
|
$this->populateDatabase();
|
|
|
|
Carbon::setTestNow('2027-01-01 02:30:00');
|
|
|
|
$response = $this->send(
|
|
$this->request('GET', '/api')->withCookieParams([
|
|
'flarum_remember' => 'b',
|
|
])
|
|
);
|
|
|
|
Carbon::setTestNow();
|
|
|
|
$data = json_decode($response->getBody(), true);
|
|
$this->assertFalse($data['data']['attributes']['canViewUserList']);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function valid_tokens_can_be_used()
|
|
{
|
|
$this->populateDatabase();
|
|
|
|
Carbon::setTestNow('2021-01-01 02:30:00');
|
|
|
|
$response = $this->send(
|
|
$this->request('GET', '/api')->withCookieParams([
|
|
'flarum_remember' => 'b',
|
|
])
|
|
);
|
|
|
|
Carbon::setTestNow();
|
|
|
|
$data = json_decode($response->getBody(), true);
|
|
$this->assertTrue($data['data']['attributes']['canViewUserList']);
|
|
}
|
|
}
|