08ba2599d7
- Make session token-based instead of user-based - Clear current session access tokens on logout - Introduce increment ID so we can show tokens to moderators in the future without exposing secrets - Switch to type classes to manage the different token types. New implementation fixes #2075 - Drop ability to customize lifetime per-token - Add developer access keys that don't expire. These must be created from the database for now - Add title in preparation for the developer token UI - Add IP and user agent logging - Delete all non-remember tokens in migration
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Tests\integration;
use Carbon\Carbon;
use Dflydev\FigCookies\SetCookie;
use Illuminate\Support\Str;
use Laminas\Diactoros\CallbackStream;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
/**
 * Request-building helpers shared by the integration test suite.
 *
 * Each helper takes a PSR-7 server request and returns a derived request;
 * the request passed in is not modified. `requestAsUser()` additionally
 * writes to the test database and therefore expects the class using this
 * trait to provide a `database()` method.
 */
trait BuildsHttpRequests
{
    /**
     * Attach a JSON payload to a request.
     *
     * The `Content-Type` header is set to `application/json` (replacing any
     * existing value) and the body becomes a callback stream that encodes
     * `$json` when the stream is read.
     *
     * NOTE(review): the result of `json_encode()` is returned unchecked, so a
     * payload that cannot be encoded would surface as a `false` body rather
     * than as a test failure at this point.
     *
     * @param Request $req  Request to derive from.
     * @param array   $json Data to encode as the request body.
     * @return Request
     */
    protected function requestWithJsonBody(Request $req, array $json): Request
    {
        $jsonRequest = $req->withHeader('Content-Type', 'application/json');

        $lazyBody = new CallbackStream(function () use ($json) {
            return json_encode($json);
        });

        return $jsonRequest->withBody($lazyBody);
    }

    /**
     * Authenticate a request as the given user with a freshly minted token.
     *
     * A random 40-character token is written to `access_tokens` with type
     * `session` and sent as `Authorization: Token <token>`. The header is
     * added rather than replaced, so an `Authorization` value already on
     * `$req` is kept alongside the new one.
     *
     * Every call inserts a new row, and nothing in this helper removes it
     * afterwards. The user id is not checked against the users table here.
     * Only the columns listed below are populated.
     *
     * @param Request $req    Request to derive from.
     * @param int     $userId Id stored in the token's `user_id` column.
     * @return Request
     */
    protected function requestAsUser(Request $req, int $userId): Request
    {
        $secret = Str::random(40);

        // Written straight to the table rather than through `prepareDatabase`,
        // so that requests can still be created/sent once the app has booted.
        $accessTokens = $this->database()->table('access_tokens');
        $accessTokens->insert([
            'token' => $secret,
            'user_id' => $userId,
            'created_at' => Carbon::now()->toDateTimeString(),
            'last_activity_at' => Carbon::now()->toDateTimeString(),
            'type' => 'session',
        ]);

        return $req->withAddedHeader('Authorization', 'Token '.$secret);
    }

    /**
     * Carry the cookies set by an earlier response over to a new request.
     *
     * Each `Set-Cookie` header of `$previous` is parsed and reduced to a
     * name => value pair; when a name occurs more than once the last header
     * wins. The resulting map replaces the cookie params of `$req`.
     *
     * Only names and values are copied. Cookie attributes (expiry, path,
     * domain, Secure, HttpOnly, SameSite) are ignored, so a cookie that the
     * response expires or clears is still forwarded with whatever value it
     * carried. Tests covering logout or session invalidation should assert
     * on the `Set-Cookie` header or on server-side state rather than rely on
     * this helper to behave like a browser cookie jar.
     *
     * @param Request  $req      Request to derive from.
     * @param Response $previous Response whose `Set-Cookie` headers are read.
     * @return Request
     */
    protected function requestWithCookiesFrom(Request $req, Response $previous): Request
    {
        $jar = [];

        foreach ($previous->getHeader('Set-Cookie') as $headerLine) {
            $parsed = SetCookie::fromSetCookieString($headerLine);
            $jar[$parsed->getName()] = $parsed->getValue();
        }

        return $req->withCookieParams($jar);
    }
}