From e77a8df22206673cb3d6ebf58838071b9fdde67e Mon Sep 17 00:00:00 2001
From: Andreas
Date: Fri, 5 Oct 2018 10:19:42 +0200
Subject: [PATCH] Don't cycle remember token on logout if not set
The remember token was cycled even though the remember functionality never was used and the token set. In the database it looked like all the users had used the functionality, which was confusing. This change stops that and only cycles the token if it is set.
---
 src/Illuminate/Auth/SessionGuard.php | 2 +-
 tests/Auth/AuthGuardTest.php | 21 +++++++++++++++++----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php
index 6d980b8d0db0..a98f6b796c52 100644
--- a/src/Illuminate/Auth/SessionGuard.php
+++ b/src/Illuminate/Auth/SessionGuard.php
@@ -489,7 +489,7 @@ public function logout()
 // listening for anytime a user signs out of this application manually.
 $this->clearUserDataFromStorage();
- if (! is_null($this->user)) {
+ if (! is_null($this->user) && ! empty($user->getRememberToken())) {
 $this->cycleRememberToken($user);
 }
diff --git a/tests/Auth/AuthGuardTest.php b/tests/Auth/AuthGuardTest.php
index cc87e7f1ef91..7a298a22f23e 100755
--- a/tests/Auth/AuthGuardTest.php
+++ b/tests/Auth/AuthGuardTest.php
@@ -265,6 +265,7 @@ public function testLogoutRemovesSessionTokenAndRememberMeCookie()
 $mock = $this->getMockBuilder(SessionGuard::class)->setMethods(['getName', 'getRecallerName', 'recaller'])->setConstructorArgs(['default', $provider, $session, $request])->getMock();
 $mock->setCookieJar($cookies = m::mock(CookieJar::class));
 $user = m::mock(Authenticatable::class);
+ $user->shouldReceive('getRememberToken')->once()->andReturn('a');
 $user->shouldReceive('setRememberToken')->once();
 $mock->expects($this->once())->method('getName')->will($this->returnValue('foo'));
 $mock->expects($this->once())->method('getRecallerName')->will($this->returnValue('bar'));
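Review bot: The new condition in the `SessionGuard::logout()` hunk now decides whether the remember token is rotated on logout, which is presumably what invalidates outstanding remember-me cookies, yet nothing in the code says why skipping it is safe. A comment above the `if` such as `// No stored remember token means no recaller cookie can match, so there is nothing to invalidate.` would record that invariant; it appears to rely on the user provider never accepting an empty token, which is worth confirming for custom providers. `empty()` also treats the string `'0'` as unset, so a strict test against `null` and `''` would state the intent exactly. The condition checks `$this->user` but calls `$user->getRememberToken()`; `$user` is assigned outside the hunk, so the two are presumably the same object.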
@@ -286,10 +287,9 @@ public function testLogoutDoesNotEnqueueRememberMeCookieForDeletionIfCookieDoesn
 $mock = $this->getMockBuilder(SessionGuard::class)->setMethods(['getName', 'recaller'])->setConstructorArgs(['default', $provider, $session, $request])->getMock();
 $mock->setCookieJar($cookies = m::mock(CookieJar::class));
 $user = m::mock(Authenticatable::class);
- $user->shouldReceive('setRememberToken')->once();
+ $user->shouldReceive('getRememberToken')->andReturn(null);
 $mock->expects($this->once())->method('getName')->will($this->returnValue('foo'));
 $mock->expects($this->once())->method('recaller')->will($this->returnValue(null));
- $provider->shouldReceive('updateRememberToken')->once();
 $mock->getSession()->shouldReceive('remove')->once()->with('foo');
 $mock->setUser($user);
@@ -304,14 +304,27 @@ public function testLogoutFiresLogoutEvent()
 $mock->expects($this->once())->method('clearUserDataFromStorage');
 $mock->setDispatcher($events = m::mock(Dispatcher::class));
 $user = m::mock(Authenticatable::class);
- $user->shouldReceive('setRememberToken')->once();
- $provider->shouldReceive('updateRememberToken')->once();
+ $user->shouldReceive('getRememberToken')->andReturn(null);
 $events->shouldReceive('dispatch')->once()->with(m::type(Authenticated::class));
 $mock->setUser($user);
 $events->shouldReceive('dispatch')->once()->with(m::type(Logout::class));
 $mock->logout();
 }
+ public function testLogoutDoesNotSetRememberTokenIfNotPreviouslySet()
+ {
+ [$session, $provider, $request] = $this->getMocks();
+ $mock = $this->getMockBuilder(SessionGuard::class)->setMethods(['clearUserDataFromStorage'])->setConstructorArgs(['default', $provider, $session, $request])->getMock();
+ $user = m::mock(Authenticatable::class);
+
+ $user->shouldReceive('getRememberToken')->andReturn(null);
+ $user->shouldNotReceive('setRememberToken');
+ $provider->shouldNotReceive('updateRememberToken');
+
+ $mock->setUser($user);
+ $mock->logout();
+ }
+
 public function testLoginMethodQueuesCookieWhenRemembering()
 {
 list($session, $provider, $request, $cookie) = $this->getMocks();
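Review bot: `testLogoutDoesNotSetRememberTokenIfNotPreviouslySet` only covers a `null` token, while the `empty()` check added to `SessionGuard::logout()` also skips rotation for `''`. A second case using `$user->shouldReceive('getRememberToken')->andReturn('');` would pin the empty-string behaviour that the new condition introduces. The `getRememberToken` expectations added in this hunk and in the previous one omit `->once()`, unlike the one added to `testLogoutRemovesSessionTokenAndRememberMeCookie`; adding it would keep the tests consistent and catch a repeated lookup.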