Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move Identity Cookie code into separate functions and cleanup invalid identity cookies #11558

Closed
wants to merge 12 commits into from
Closed

Move Identity Cookie code into separate functions and cleanup invalid identity cookies #11558

wants to merge 12 commits into from

Conversation

ghost
Copy link

@ghost ghost commented May 12, 2016

Q A
Is bugfix? no
New feature? yes
Breaks BC? no
Tests pass? yes
Fixed issues #8795

Michael-Labriola and others added 2 commits May 12, 2016 18:00
@Michael-Labriola
modified: framework/CHANGELOG.md
99bc9e2 
	modified:   framework/web/User.php
	modified:   tests/framework/web/UserTest.php
Update CHANGELOG.md
08be87b
@ghost
Copy link
Author

ghost commented May 13, 2016

I've this code in my application: https://ideone.com/oygl4K
It was necessary to me to separate the parse cookie logic, because you can have a console application that uses cookies (e.g. websocket).

@ghost ghost mentioned this pull request May 14, 2016
Closed
sdlins
sdlins reviewed May 14, 2016
View reviewed changes
framework/web/User.php
/**
* Removes the identity cookie.
* This method is used when [[enableAutoLogin]] is true.
* @param IdentityInterface $identity
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here it seems that this @param was forgotten since your method has no params.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I had originally intended to pass $identity in case it was needed, but someone told me that was a bad idea. So I took it out and neglected to update the comment.

@SilverFire SilverFire added status:to be verified Needs to be reproduced and validated. type:enhancement labels May 15, 2016
@SilverFire SilverFire added this to the 2.0.9 milestone May 15, 2016
SilverFire
SilverFire reviewed May 15, 2016
View reviewed changes
framework/web/User.php

/**
* Removes the identity cookie.
* This method is used when [[enableAutoLogin]] is true.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@since 2.0.9

@SilverFire SilverFire self-assigned this May 15, 2016
@SilverFire
Copy link
Member

Generally looks good. Could you add a CHNAGELOG line, please?

@SilverFire SilverFire removed the status:to be verified Needs to be reproduced and validated. label May 15, 2016
@ghost
Copy link
Author

ghost commented May 15, 2016

OK. I made those changes. Thank you!

samdark
samdark reviewed May 15, 2016
View reviewed changes
framework/web/User.php
return;
}
$data = json_decode($value, true);
if (count($data) === 3 && isset($data[0], $data[1], $data[2])) {
Copy link
Member

@samdark samdark May 15, 2016
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure count($data) check is needed. Also count() won't work with non-arrays which may appear after json_decode. issets should be enough.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additionally, it's better to use Json::decode because of enhanced error handling.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed my code to use Json::decode and did some testing. If the contents of the cookie are malformed in some way and Json::decode is used, then an exception will be thrown. When json_decode is used, my code recognizes that the contents are not usable, no cookie login is performed, and a standard login screen is presented. I think the behavior using json_decode is preferable, so I change it back.

@SilverFire
Copy link
Member

Merged 7249a6c with minor adjustments 38be744

@SilverFire SilverFire closed this May 22, 2016
@SilverFire
Copy link
Member

Thank you @maine-mike!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@SilverFire SilverFire

Labels
type:enhancement
Projects
None yet
Milestone
2.0.9
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@SilverFire @samdark @sdlins @Michael-Labriola