mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-22 21:22:40 +00:00
Invalidate sessions and Fever passwords when renaming users
This commit is contained in:
parent
5ec04d33c6
commit
405f3af257
2 changed files with 27 additions and 8 deletions
|
@ -106,12 +106,17 @@ class User {
|
||||||
|
|
||||||
public function rename(string $user, string $newName): bool {
|
public function rename(string $user, string $newName): bool {
|
||||||
if ($this->u->userRename($user, $newName)) {
|
if ($this->u->userRename($user, $newName)) {
|
||||||
|
$tr = Arsse::$db->begin();
|
||||||
if (!Arsse::$db->userExists($user)) {
|
if (!Arsse::$db->userExists($user)) {
|
||||||
Arsse::$db->userAdd($newName, null);
|
Arsse::$db->userAdd($newName, null);
|
||||||
return true;
|
|
||||||
} else {
|
} else {
|
||||||
return Arsse::$db->userRename($user, $newName);
|
Arsse::$db->userRename($user, $newName);
|
||||||
|
// invalidate any sessions and Fever passwords
|
||||||
|
Arsse::$db->sessionDestroy($newName);
|
||||||
|
Arsse::$db->tokenRevoke($newName, "fever.login");
|
||||||
}
|
}
|
||||||
|
$tr->commit();
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -183,6 +183,8 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testRenameAUser(): void {
|
public function testRenameAUser(): void {
|
||||||
|
$tr = \Phake::mock(Transaction::class);
|
||||||
|
\Phake::when(Arsse::$db)->begin->thenReturn($tr);
|
||||||
\Phake::when(Arsse::$db)->userExists->thenReturn(true);
|
\Phake::when(Arsse::$db)->userExists->thenReturn(true);
|
||||||
\Phake::when(Arsse::$db)->userAdd->thenReturn(true);
|
\Phake::when(Arsse::$db)->userAdd->thenReturn(true);
|
||||||
\Phake::when(Arsse::$db)->userRename->thenReturn(true);
|
\Phake::when(Arsse::$db)->userRename->thenReturn(true);
|
||||||
|
@ -191,12 +193,20 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
|
||||||
$old = "john.doe@example.com";
|
$old = "john.doe@example.com";
|
||||||
$new = "jane.doe@example.com";
|
$new = "jane.doe@example.com";
|
||||||
$this->assertTrue($u->rename($old, $new));
|
$this->assertTrue($u->rename($old, $new));
|
||||||
\Phake::verify($this->drv)->userRename($old, $new);
|
\Phake::inOrder(
|
||||||
\Phake::verify(Arsse::$db)->userExists($old);
|
\Phake::verify($this->drv)->userRename($old, $new),
|
||||||
\Phake::verify(Arsse::$db)->userRename($old, $new);
|
\Phake::verify(Arsse::$db)->begin(),
|
||||||
|
\Phake::verify(Arsse::$db)->userExists($old),
|
||||||
|
\Phake::verify(Arsse::$db)->userRename($old, $new),
|
||||||
|
\Phake::verify(Arsse::$db)->sessionDestroy($new),
|
||||||
|
\Phake::verify(Arsse::$db)->tokenRevoke($new, "fever.login"),
|
||||||
|
\Phake::verify($tr)->commit()
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testRenameAUserWeDoNotKnow(): void {
|
public function testRenameAUserWeDoNotKnow(): void {
|
||||||
|
$tr = \Phake::mock(Transaction::class);
|
||||||
|
\Phake::when(Arsse::$db)->begin->thenReturn($tr);
|
||||||
\Phake::when(Arsse::$db)->userExists->thenReturn(false);
|
\Phake::when(Arsse::$db)->userExists->thenReturn(false);
|
||||||
\Phake::when(Arsse::$db)->userAdd->thenReturn(true);
|
\Phake::when(Arsse::$db)->userAdd->thenReturn(true);
|
||||||
\Phake::when(Arsse::$db)->userRename->thenReturn(true);
|
\Phake::when(Arsse::$db)->userRename->thenReturn(true);
|
||||||
|
@ -205,9 +215,13 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
|
||||||
$old = "john.doe@example.com";
|
$old = "john.doe@example.com";
|
||||||
$new = "jane.doe@example.com";
|
$new = "jane.doe@example.com";
|
||||||
$this->assertTrue($u->rename($old, $new));
|
$this->assertTrue($u->rename($old, $new));
|
||||||
\Phake::verify($this->drv)->userRename($old, $new);
|
\Phake::inOrder(
|
||||||
\Phake::verify(Arsse::$db)->userExists($old);
|
\Phake::verify($this->drv)->userRename($old, $new),
|
||||||
\Phake::verify(Arsse::$db)->userAdd($new, null);
|
\Phake::verify(Arsse::$db)->begin(),
|
||||||
|
\Phake::verify(Arsse::$db)->userExists($old),
|
||||||
|
\Phake::verify(Arsse::$db)->userAdd($new, null),
|
||||||
|
\Phake::verify($tr)->commit()
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testRenameAUserWithoutEffect(): void {
|
public function testRenameAUserWithoutEffect(): void {
|
||||||
|
|
Loading…
Reference in a new issue