mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-22 13:12:41 +00:00
Invalidate sessions and Fever passwords when renaming users
This commit is contained in:
parent
5ec04d33c6
commit
405f3af257
2 changed files with 27 additions and 8 deletions
|
@ -106,12 +106,17 @@ class User {
|
|||
|
||||
public function rename(string $user, string $newName): bool {
|
||||
if ($this->u->userRename($user, $newName)) {
|
||||
$tr = Arsse::$db->begin();
|
||||
if (!Arsse::$db->userExists($user)) {
|
||||
Arsse::$db->userAdd($newName, null);
|
||||
return true;
|
||||
} else {
|
||||
return Arsse::$db->userRename($user, $newName);
|
||||
Arsse::$db->userRename($user, $newName);
|
||||
// invalidate any sessions and Fever passwords
|
||||
Arsse::$db->sessionDestroy($newName);
|
||||
Arsse::$db->tokenRevoke($newName, "fever.login");
|
||||
}
|
||||
$tr->commit();
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -183,6 +183,8 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
|
|||
}
|
||||
|
||||
public function testRenameAUser(): void {
|
||||
$tr = \Phake::mock(Transaction::class);
|
||||
\Phake::when(Arsse::$db)->begin->thenReturn($tr);
|
||||
\Phake::when(Arsse::$db)->userExists->thenReturn(true);
|
||||
\Phake::when(Arsse::$db)->userAdd->thenReturn(true);
|
||||
\Phake::when(Arsse::$db)->userRename->thenReturn(true);
|
||||
|
@ -191,12 +193,20 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
|
|||
$old = "john.doe@example.com";
|
||||
$new = "jane.doe@example.com";
|
||||
$this->assertTrue($u->rename($old, $new));
|
||||
\Phake::verify($this->drv)->userRename($old, $new);
|
||||
\Phake::verify(Arsse::$db)->userExists($old);
|
||||
\Phake::verify(Arsse::$db)->userRename($old, $new);
|
||||
\Phake::inOrder(
|
||||
\Phake::verify($this->drv)->userRename($old, $new),
|
||||
\Phake::verify(Arsse::$db)->begin(),
|
||||
\Phake::verify(Arsse::$db)->userExists($old),
|
||||
\Phake::verify(Arsse::$db)->userRename($old, $new),
|
||||
\Phake::verify(Arsse::$db)->sessionDestroy($new),
|
||||
\Phake::verify(Arsse::$db)->tokenRevoke($new, "fever.login"),
|
||||
\Phake::verify($tr)->commit()
|
||||
);
|
||||
}
|
||||
|
||||
public function testRenameAUserWeDoNotKnow(): void {
|
||||
$tr = \Phake::mock(Transaction::class);
|
||||
\Phake::when(Arsse::$db)->begin->thenReturn($tr);
|
||||
\Phake::when(Arsse::$db)->userExists->thenReturn(false);
|
||||
\Phake::when(Arsse::$db)->userAdd->thenReturn(true);
|
||||
\Phake::when(Arsse::$db)->userRename->thenReturn(true);
|
||||
|
@ -205,9 +215,13 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
|
|||
$old = "john.doe@example.com";
|
||||
$new = "jane.doe@example.com";
|
||||
$this->assertTrue($u->rename($old, $new));
|
||||
\Phake::verify($this->drv)->userRename($old, $new);
|
||||
\Phake::verify(Arsse::$db)->userExists($old);
|
||||
\Phake::verify(Arsse::$db)->userAdd($new, null);
|
||||
\Phake::inOrder(
|
||||
\Phake::verify($this->drv)->userRename($old, $new),
|
||||
\Phake::verify(Arsse::$db)->begin(),
|
||||
\Phake::verify(Arsse::$db)->userExists($old),
|
||||
\Phake::verify(Arsse::$db)->userAdd($new, null),
|
||||
\Phake::verify($tr)->commit()
|
||||
);
|
||||
}
|
||||
|
||||
public function testRenameAUserWithoutEffect(): void {
|
||||
|
|
Loading…
Reference in a new issue