From fa90bbb74b5c4fd882933f1dbf61c81629170df1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 16:37:15 +0000 Subject: [PATCH 1/2] Update all non-major dependencies | datasource | package | from | to | | ---------- | --------------------------------- | ------ | ------ | | packagist | laminas/laminas-diactoros | 2.19.0 | 2.20.0 | | packagist | laminas/laminas-httphandlerrunner | 2.3.0 | 2.4.0 | | packagist | phpunit/phpunit | 9.5.25 | 9.5.26 | --- composer.json | 6 +++--- composer.lock | 46 +++++++++++++++++++++++----------------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/composer.json b/composer.json index c0597a0a..3ac38b4f 100644 --- a/composer.json +++ b/composer.json @@ -32,9 +32,9 @@ }, "require-dev": { "doctrine/coding-standard": "^10.0.0", - "laminas/laminas-diactoros": "^2.19.0", - "laminas/laminas-httphandlerrunner": "^2.3.0", - "phpunit/phpunit": "^9.5.25", + "laminas/laminas-diactoros": "^2.20.0", + "laminas/laminas-httphandlerrunner": "^2.4.0", + "phpunit/phpunit": "^9.5.26", "psalm/plugin-phpunit": "^0.17.0", "roave/infection-static-analysis-plugin": "^1.25.0", "squizlabs/php_codesniffer": "^3.7.1", diff --git a/composer.lock b/composer.lock index cde2bb6f..985d743a 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "74c18239c1f8fa79babde88c531c5bb2", + "content-hash": "306c3fa3d77bdfa0f46d0cecbdd58f7a", "packages": [ { "name": "dflydev/fig-cookies", 
@@ -1676,16 +1676,16 @@ }, { "name": "laminas/laminas-diactoros", - "version": "2.19.0", + "version": "2.20.0", "source": { "type": "git", "url": "https://github.com/laminas/laminas-diactoros.git", - "reference": "b3c7e9262b4fbec801d8df2370cdebb4f5d3a0ae" + "reference": "10696c809866bebd9d71dca14de6c0d6c1cac2f8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-diactoros/zipball/b3c7e9262b4fbec801d8df2370cdebb4f5d3a0ae", - "reference": "b3c7e9262b4fbec801d8df2370cdebb4f5d3a0ae", + "url": "https://api.github.com/repos/laminas/laminas-diactoros/zipball/10696c809866bebd9d71dca14de6c0d6c1cac2f8", + "reference": "10696c809866bebd9d71dca14de6c0d6c1cac2f8", "shasum": "" }, "require": { @@ -1769,20 +1769,20 @@ "type": "community_bridge" } ], - "time": "2022-10-10T21:28:03+00:00" + "time": "2022-10-25T13:35:54+00:00" }, { "name": "laminas/laminas-httphandlerrunner", - "version": "2.3.0", + "version": "2.4.0", "source": { "type": "git", "url": "https://github.com/laminas/laminas-httphandlerrunner.git", - "reference": "3c9491473b7decd8f329266a3cb6226a1f90594c" + "reference": "d15af53895fd581b5a448a09fd9a4baebc4ae6e5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laminas/laminas-httphandlerrunner/zipball/3c9491473b7decd8f329266a3cb6226a1f90594c", - "reference": "3c9491473b7decd8f329266a3cb6226a1f90594c", + "url": "https://api.github.com/repos/laminas/laminas-httphandlerrunner/zipball/d15af53895fd581b5a448a09fd9a4baebc4ae6e5", + "reference": "d15af53895fd581b5a448a09fd9a4baebc4ae6e5", "shasum": "" }, "require": { @@ -1836,7 +1836,7 @@ "type": "community_bridge" } ], - "time": "2022-10-10T19:52:02+00:00" + "time": "2022-10-25T13:41:39+00:00" }, { "name": "myclabs/deep-copy", 
@@ -2458,16 +2458,16 @@ }, { "name": "phpunit/php-code-coverage", - "version": "9.2.17", + "version": "9.2.18", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "aa94dc41e8661fe90c7316849907cba3007b10d8" + "reference": "12fddc491826940cf9b7e88ad9664cf51f0f6d0a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/aa94dc41e8661fe90c7316849907cba3007b10d8", - "reference": "aa94dc41e8661fe90c7316849907cba3007b10d8", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/12fddc491826940cf9b7e88ad9664cf51f0f6d0a", + "reference": "12fddc491826940cf9b7e88ad9664cf51f0f6d0a", "shasum": "" }, "require": { @@ -2523,7 +2523,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", - "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.17" + "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.18" }, "funding": [ { @@ -2531,7 +2531,7 @@ "type": "github" } ], - "time": "2022-08-30T12:24:04+00:00" + "time": "2022-10-27T13:35:33+00:00" }, { "name": "phpunit/php-file-iterator", @@ -2776,16 +2776,16 @@ }, { "name": "phpunit/phpunit", - "version": "9.5.25", + "version": "9.5.26", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "3e6f90ca7e3d02025b1d147bd8d4a89fd4ca8a1d" + "reference": "851867efcbb6a1b992ec515c71cdcf20d895e9d2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/3e6f90ca7e3d02025b1d147bd8d4a89fd4ca8a1d", - "reference": "3e6f90ca7e3d02025b1d147bd8d4a89fd4ca8a1d", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/851867efcbb6a1b992ec515c71cdcf20d895e9d2", + "reference": "851867efcbb6a1b992ec515c71cdcf20d895e9d2", "shasum": "" }, "require": { 
@@ -2858,7 +2858,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", - "source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.25" + "source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.26" }, "funding": [ { @@ -2874,7 +2874,7 @@ "type": "tidelift" } ], - "time": "2022-09-25T03:44:45+00:00" + "time": "2022-10-28T06:00:21+00:00" }, { "name": "psalm/plugin-phpunit", From 7b0cb46122ce1e8178198b0cbda49ca0d2cda05c Mon Sep 17 00:00:00 2001 From: Marco Pivetta Date: Mon, 31 Oct 2022 18:14:24 +0100 Subject: [PATCH 2/2] Optimization: no need to check session container when checking if the token needs refresh * an empty or invalid token will produce an empty session container * an empty session container, if not changed, will not be refreshed * a valid token with an empty session will be left to expire anyway * a valid token with a non-empty session will be refreshed This also removes a mutation that caused our CI to fail: ``` 1) /home/ocramius/Documents/psr7-sessions/storageless/src/Storageless/Http/SessionMiddleware.php:215 [M] NotIdentical --- Original +++ New @@ @@ { $refreshTime = $this->clock->now()->sub(new DateInterval(sprintf('PT%sS', $this->refreshTime))); assert($refreshTime !== false); - return $token !== null && $token->hasBeenIssuedBefore($refreshTime); + return $token === null && $token->hasBeenIssuedBefore($refreshTime); } /** @throws BadMethodCallException */ private function getTokenCookie(SessionInterface $sessionContainer) : SetCookie [warning] Dashboard report has not been sent: The current process is not executed in a CI build Time: 9s. Memory: 0.10GB [ERROR] The minimum required MSI percentage should be 100%, but actual is 97.3%. Improve your tests! ``` --- src/Storageless/Http/SessionMiddleware.php | 9 ++++--- .../Http/SessionMiddlewareTest.php | 27 +++++++++++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) 
diff --git a/src/Storageless/Http/SessionMiddleware.php b/src/Storageless/Http/SessionMiddleware.php
index 673d9bea..2e6aa12d 100644
--- a/src/Storageless/Http/SessionMiddleware.php
+++ b/src/Storageless/Http/SessionMiddleware.php
@@ -199,7 +199,7 @@ private function appendToken(SessionInterface $sessionContainer, Response $respo
 return FigResponseCookies::set($response, $this->getExpirationCookie());
 }
 
- if ($sessionContainerChanged || ($this->shouldTokenBeRefreshed($token) && ! $sessionContainer->isEmpty())) {
+ if ($sessionContainerChanged || $this->shouldTokenBeRefreshed($token)) {
 return FigResponseCookies::set($response, $this->getTokenCookie($sessionContainer));
 }
 
@@ -208,12 +208,15 @@ private function appendToken(SessionInterface $sessionContainer, Response $respo
 
 private function shouldTokenBeRefreshed(Token|null $token): bool
 {
+ if ($token === null) {
+ return false;
+ }
+
 $refreshTime = $this->clock->now()->sub(new DateInterval(sprintf('PT%sS', $this->refreshTime)));
 
 assert($refreshTime !== false);
 
- return $token !== null
- && $token->hasBeenIssuedBefore($refreshTime);
+ return $token->hasBeenIssuedBefore($refreshTime);
 }
 
 /** @throws BadMethodCallException */
diff --git a/test/StoragelessTest/Http/SessionMiddlewareTest.php b/test/StoragelessTest/Http/SessionMiddlewareTest.php
index 97da5a41..69135d64 100644
--- a/test/StoragelessTest/Http/SessionMiddlewareTest.php
+++ b/test/StoragelessTest/Http/SessionMiddlewareTest.php
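Review bot: With `! $sessionContainer->isEmpty()` removed from the condition in `appendToken`, a token that verifies, is older than the refresh threshold and yields an empty session container now reaches `getTokenCookie($sessionContainer)` and is re-issued, whereas the description says such a token "will be left to expire anyway". That reading is inferred, since the branch guarding the expiration-cookie return starts above this hunk and the enclosing function continues outside it. If renewing empty sessions is acceptable, say so at the condition, e.g. `// a valid token is renewed even when its session is empty; only a missing/invalid token skips refresh`; if not, the sliding renewal keeps a signed cookie alive past its intended lifetime. Either way, a test with a valid, stale token and an untouched empty session would pin the behaviour, because the test added in this patch only sends `'invalid-token'`.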
@@ -367,6 +367,33 @@ public function testWillRefreshTokenWithIssuedAtExactlyAtTokenRefreshTimeThresho
 self::assertEquals($now, $token->claims()->get(RegisteredClaims::ISSUED_AT), 'Token was refreshed');
 }
 
+ public function testWillNotRefreshATokenForARequestWithNoGivenTokenAndNoSessionModification(): void
+ {
+ $key = self::makeRandomSymmetricKey();
+ $middleware = new SessionMiddleware(
+ Configuration::forAsymmetricSigner(
+ new Sha256(),
+ $key,
+ $key,
+ ),
+ SetCookie::create(SessionMiddleware::DEFAULT_COOKIE),
+ 1000,
+ new FrozenClock(new DateTimeImmutable()),
+ 100,
+ );
+
+ self::assertNull(
+ $this
+ ->getCookie($middleware->process(
+ (new ServerRequest())
+ ->withCookieParams([SessionMiddleware::DEFAULT_COOKIE => 'invalid-token']),
+ $this->fakeDelegate(static fn (): ResponseInterface => new Response()),
+ ))
+ ->getValue(),
+ 'No session cookie was set, since session data was not changed, and the token was not valid',
+ );
+ }
+
 /**
 * @param callable(): SessionMiddleware $middlewareFactory
 *
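Review bot: The method name says `WithNoGivenToken`, but the request is built with `->withCookieParams([SessionMiddleware::DEFAULT_COOKIE => 'invalid-token'])`, so the case exercised is a present-but-unparseable cookie and the no-cookie request is not covered here. Rename it to `testWillNotRefreshATokenForARequestWithAnInvalidTokenAndNoSessionModification`, or add a second `assertNull` against a plain `new ServerRequest()`. A one-line docblock such as `/** An unverifiable session cookie must not cause a new token to be issued. */` would also state the security property the test protects.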