
Fixing issue where Encrypt session strategy would keep plain values. …

…Fixes #255
1 parent 2319f7b commit c78f12f44c2aa32a1cf5f8fad8dd8452836431f9 @mariano mariano committed Jan 10, 2012
Showing with 46 additions and 5 deletions.
  1. +3 −3 storage/session/strategy/Encrypt.php
  2. +43 −2 tests/cases/storage/SessionTest.php
6 storage/session/strategy/Encrypt.php
@@ -128,7 +128,7 @@ public function write($data, array $options = array()) {
$payload = empty($futureData) ? null : $this->_encrypt($futureData);
$class::write('__encrypted', $payload, array('strategies' => false) + $options);
- return $data;
+ return $payload;
@greut
greut added a line comment Mar 30, 2012

It should be `return null;` — here you are storing the data twice.

}
/**
@@ -216,7 +216,7 @@ protected function _decrypt($encrypted) {
*/
protected function _hashSecret($key) {
$size = mcrypt_get_key_size($this->_config['cipher'], $this->_config['mode']);
-
+
if(strlen($key) >= $size) {
return $key;
}
@@ -264,4 +264,4 @@ protected static function _vectorSize($cipher, $mode) {
}
}
-?>
+?>
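Review bot: The return contract of `write()` changes in the first hunk and nothing visible documents it: the method now returns `$payload`, which is the ciphertext or `null` when `$futureData` is empty, instead of the plain `$data`. The docblock sits above the hunk and is not shown, so check that it was updated, for example `@return string|null Encrypted payload, or null when there is no data to encrypt.` A one-line comment above the return, `// Return the ciphertext, never $data, so the plain value does not reach the adapter.`, would keep a later edit from reintroducing the plaintext storage this commit fixes. That the returned value is what ends up in storage is inferred from the test added in this commit; the rest of `write()` is outside the hunk. The other two hunks in this file are whitespace only.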
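--- a/tests/cases/storage/SessionTest.php
+++ b/tests/cases/storage/SessionTest.php
@@ -11,7 +11,7 @@
 use lithium\storage\Session;
 use lithium\storage\session\adapter\Memory;
 use lithium\tests\mocks\storage\session\adapter\SessionStorageConditional;
-
+use lithium\tests\mocks\storage\session\strategy\MockEncrypt;
 /**
 *
@@ -245,6 +245,47 @@ public function testStrategies() {
 $this->assertFalse(Session::check('test'));
 $this->assertFalse(Session::check('test', array('strategies' => false)));
 }
+
+ public function testEncryptedStrategy() {
+ $this->skipIf(!MockEncrypt::enabled(), 'The Mcrypt extension is not installed or enabled.');
+
+ $key = 'foobar';
+ $adapter = new Memory();
+ Session::config(array('primary' => array(
+ 'adapter' => $adapter, 'filters' => array(), 'strategies' => array(
+ 'lithium\tests\mocks\storage\session\strategy\MockEncrypt' => array(
+ 'secret' => $key
+ )
+ )
+ )));
+
+ $encrypt = new MockEncrypt(array('secret' => $key));
+
+ $value = array('foo' => 'bar');
+
+ Session::write('test', $value);
+ $this->assertEqual(array('foo' => 'bar'), Session::read('test'));
+
+ $this->assertTrue(Session::check('test'));
+ $this->assertTrue(Session::check('test', array('strategies' => false)));
+
+ $result = Session::read('test', array('strategies' => false));
+ $this->assertNotEqual($value, $result);
+ $this->assertTrue(is_string($result));
+
+ $result = $encrypt->decrypt($result);
+ $this->assertEqual(array('test' => $value), $result);
+
+ $result = Session::read('test');
+ $this->assertEqual($value, $result);
+
+ $result = Session::clear(array('strategies' => false));
+ $this->assertNull(Session::read('test'));
+
+ $this->assertFalse(Session::check('test'));
+ $this->assertFalse(Session::check('test', array('strategies' => false)));
+ }
+
 }
-?>
+?>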
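Review bot: In `testEncryptedStrategy()` the return value of `Session::clear(array('strategies' => false))` is assigned to `$result` and never asserted, so a failing clear would go unnoticed; either assert it, e.g. `$this->assertTrue(Session::clear(array('strategies' => false)));` if `clear()` reports success as a boolean, or drop the assignment. The test also writes a single key only, so it does not cover a second `Session::write()` against an existing encrypted payload, and it never checks the raw `__encrypted` entry that `Encrypt::write()` stores; adding both would pin the no-plaintext guarantee more tightly. The `$encrypt` instance is built with the same `'secret'` as the configured strategy, which the decrypt assertion depends on; a short comment saying so would help.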
