Merge pull request #126 from akrabat/remove-token-on-validation
Remove token on validation
l0gicgate authored Jan 7, 2021
2 parents 0353885 + cb87504 commit d641663
Showing 3 changed files with 24 additions and 22 deletions.
4 changes: 2 additions & 2 deletions .travis.yml
Expand Up @@ -19,8 +19,8 @@ before_script:
- composer install -n

script:
- if [[ "$ANALYSIS" != 'true' ]]; then vendor/bin/phpunit ; fi
- if [[ "$ANALYSIS" == 'true' ]]; then vendor/bin/phpunit --coverage-clover clover.xml ; fi
- if [[ "$ANALYSIS" != 'true' ]]; then XDEBUG_MODE=coverage ./vendor/bin/phpunit; fi
- if [[ "$ANALYSIS" == 'true' ]]; then XDEBUG_MODE=coverage ./vendor/bin/phpunit --coverage-clover clover.xml ; fi

after_success:
- if [[ "$ANALYSIS" == 'true' ]]; then vendor/bin/php-coveralls --coverage_clover=clover.xml -v ; fi
13 changes: 6 additions & 7 deletions src/Guard.php
Expand Up @@ -415,14 +415,13 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
$value = $body[$this->getTokenValueKey()] ?? null;
}

if ($name === null
|| $value === null
|| !$this->validateToken((string) $name, (string) $value)
) {
if (!$this->persistentTokenMode && is_string($name)) {
$this->removeTokenFromStorage($name);
}
$isValid = $this->validateToken((string) $name, (string) $value);
if ($isValid && !$this->persistentTokenMode) {
// successfully validated token, so delete it if not in persistentTokenMode
$this->removeTokenFromStorage($name);
}

if ($name === null || $value === null || !$isValid) {
$request = $this->appendNewTokenToRequest($request);
return $this->handleFailure($request, $handler);
}
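Review bot: The request-supplied `$name` and `$value` are no longer type-checked before use: `validateToken((string) $name, (string) $value)` now runs ahead of the null test, and `removeTokenFromStorage($name)` receives the uncast value without the `is_string($name)` guard the previous code had. `$value` comes from the parsed body (and `$name` presumably does too, above the hunk), so a missing or array-valued field is coerced to `''` or `'Array'`, the latter with a conversion notice, before it is rejected. Assuming tokens are always issued as strings, checking first is tighter: `$isValid = is_string($name) && is_string($value) && $this->validateToken($name, $value);`, after which the failure test reduces to `if (!$isValid) {`. Separately, a failed validation no longer removes the named token, so it remains usable for further attempts until consumed or evicted; if that is intended, a comment stating it would help. The body of `process()` starts and ends outside this hunk.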
29 changes: 16 additions & 13 deletions tests/GuardTest.php
Expand Up @@ -279,43 +279,46 @@ public function testEnforceStorageLimitWithIterator()

public function testTokenIsRemovedFromStorageWhenPersistentModeIsOff()
{
$self = $this;

$storage = [
'test_name' => 'test_value123',
];

$responseProphecy = $this->prophesize(ResponseInterface::class)
->willImplement(ResponseInterface::class);

$requestHandlerProphecy = $this->prophesize(RequestHandlerInterface::class);
$requestHandlerProphecy
->handle(Argument::type(ServerRequestInterface::class))
->willReturn($responseProphecy->reveal())
->shouldBeCalledOnce();

$responseFactoryProphecy = $this->prophesize(ResponseFactoryInterface::class);
$handler = function () use ($self, &$called) {
$responseProphecy = $self->prophesize(ResponseInterface::class);
return $responseProphecy->reveal();
};
$mw = new Guard($responseFactoryProphecy->reveal(), 'test', $storage, $handler);

$mw = new Guard($responseFactoryProphecy->reveal(), 'test', $storage);

$requestProphecy = $this->prophesize(ServerRequestInterface::class);
$requestProphecy
->getMethod()
->willReturn('POST')
->shouldBeCalledOnce();

$requestProphecy
->withAttribute(Argument::type('string'), Argument::type('string'))
->willReturn($requestProphecy->reveal())
->shouldBeCalledTimes(2);

$requestProphecy
->getParsedBody()
->willReturn([
'test_name' => 'test_name123',
'test_value' => 'invalid_value',
'test_name' => 'test_name',
'test_value' => 'test_value123',
])
->shouldBeCalledOnce();

$requestHandlerProphecy = $this->prophesize(RequestHandlerInterface::class);

$mw->process($requestProphecy->reveal(), $requestHandlerProphecy->reveal());
$this->assertArrayNotHasKey('test_name123', $storage);
self::assertArrayNotHasKey('test_name', $storage);
}


public function testProcessAppendsNewTokensWhenPersistentTokenModeIsOff()
{
$storage = [];
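Review bot: Only the success path is pinned in `testTokenIsRemovedFromStorageWhenPersistentModeIsOff`; nothing in this section asserts the two behaviours that the change to `Guard::process()` makes security-relevant. Those are that a consumed token is rejected when submitted a second time, and that a failed validation leaves the stored token in place. A companion test that sends `'test_value' => 'invalid_value'` against the same `$storage` and ends with `self::assertArrayHasKey('test_name', $storage);` would pin the failure-path contract. A second `process()` call with the valid pair, expected to reach the failure handler rather than the request handler, would cover replay. The existing assertion also depends on `Guard` holding `$storage` by reference, which is not visible in this section.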
