Merge pull request #256 from mariano/i255

Fixing issue where Encrypt session strategy would keep plain values
UnionOfRAD · Jan 10, 2012 · 8034543 · 8034543
2 parents 2319f7b + c78f12f
commit 8034543
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 5 deletions.
diff --git a/storage/session/strategy/Encrypt.php b/storage/session/strategy/Encrypt.php
@@ -128,7 +128,7 @@ public function write($data, array $options = array()) {
 		$payload = empty($futureData) ? null : $this->_encrypt($futureData);
 
 		$class::write('__encrypted', $payload, array('strategies' => false) + $options);
-		return $data;
+		return $payload;
 	}
 
 	/**
@@ -216,7 +216,7 @@ protected function _decrypt($encrypted) {
 	 */
 	protected function _hashSecret($key) {
 		$size = mcrypt_get_key_size($this->_config['cipher'], $this->_config['mode']);
-		
+
 		if(strlen($key) >= $size) {
 			return $key;
 		}
@@ -264,4 +264,4 @@ protected static function _vectorSize($cipher, $mode) {
 	}
 }
 
-?>
+?>
diff --git a/tests/cases/storage/SessionTest.php b/tests/cases/storage/SessionTest.php
@@ -11,7 +11,7 @@
 use lithium\storage\Session;
 use lithium\storage\session\adapter\Memory;
 use lithium\tests\mocks\storage\session\adapter\SessionStorageConditional;
-
+use lithium\tests\mocks\storage\session\strategy\MockEncrypt;
 
 /**
  *
@@ -245,6 +245,47 @@ public function testStrategies() {
 		$this->assertFalse(Session::check('test'));
 		$this->assertFalse(Session::check('test', array('strategies' => false)));
 	}
+
+	public function testEncryptedStrategy() {
+		$this->skipIf(!MockEncrypt::enabled(), 'The Mcrypt extension is not installed or enabled.');
+
+		$key = 'foobar';
+		$adapter = new Memory();
+		Session::config(array('primary' => array(
+			'adapter' => $adapter, 'filters' => array(), 'strategies' => array(
+				'lithium\tests\mocks\storage\session\strategy\MockEncrypt' => array(
+					'secret' => $key
+				)
+			)
+		)));
+
+		$encrypt = new MockEncrypt(array('secret' => $key));
+
+		$value = array('foo' => 'bar');
+
+		Session::write('test', $value);
+		$this->assertEqual(array('foo' => 'bar'), Session::read('test'));
+
+		$this->assertTrue(Session::check('test'));
+		$this->assertTrue(Session::check('test', array('strategies' => false)));
+
+		$result = Session::read('test', array('strategies' => false));
+		$this->assertNotEqual($value, $result);
+		$this->assertTrue(is_string($result));
+
+		$result = $encrypt->decrypt($result);
+		$this->assertEqual(array('test' => $value), $result);
+
+		$result = Session::read('test');
+		$this->assertEqual($value, $result);
+
+		$result = Session::clear(array('strategies' => false));
+		$this->assertNull(Session::read('test'));
+
+		$this->assertFalse(Session::check('test'));
+		$this->assertFalse(Session::check('test', array('strategies' => false)));
+	}
+
 }
 
-?>
+?>