1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-22 21:22:40 +00:00

Invalidate sessions and Fever passwords when renaming users

This commit is contained in:
J. King 2020-12-25 22:22:37 -05:00
parent 5ec04d33c6
commit 405f3af257
2 changed files with 27 additions and 8 deletions

View file

@ -106,12 +106,17 @@ class User {
public function rename(string $user, string $newName): bool { public function rename(string $user, string $newName): bool {
if ($this->u->userRename($user, $newName)) { if ($this->u->userRename($user, $newName)) {
$tr = Arsse::$db->begin();
if (!Arsse::$db->userExists($user)) { if (!Arsse::$db->userExists($user)) {
Arsse::$db->userAdd($newName, null); Arsse::$db->userAdd($newName, null);
return true;
} else { } else {
return Arsse::$db->userRename($user, $newName); Arsse::$db->userRename($user, $newName);
// invalidate any sessions and Fever passwords
Arsse::$db->sessionDestroy($newName);
Arsse::$db->tokenRevoke($newName, "fever.login");
} }
$tr->commit();
return true;
} }
return false; return false;
} }

View file

@ -183,6 +183,8 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
} }
public function testRenameAUser(): void { public function testRenameAUser(): void {
$tr = \Phake::mock(Transaction::class);
\Phake::when(Arsse::$db)->begin->thenReturn($tr);
\Phake::when(Arsse::$db)->userExists->thenReturn(true); \Phake::when(Arsse::$db)->userExists->thenReturn(true);
\Phake::when(Arsse::$db)->userAdd->thenReturn(true); \Phake::when(Arsse::$db)->userAdd->thenReturn(true);
\Phake::when(Arsse::$db)->userRename->thenReturn(true); \Phake::when(Arsse::$db)->userRename->thenReturn(true);
@ -191,12 +193,20 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
$old = "john.doe@example.com"; $old = "john.doe@example.com";
$new = "jane.doe@example.com"; $new = "jane.doe@example.com";
$this->assertTrue($u->rename($old, $new)); $this->assertTrue($u->rename($old, $new));
\Phake::verify($this->drv)->userRename($old, $new); \Phake::inOrder(
\Phake::verify(Arsse::$db)->userExists($old); \Phake::verify($this->drv)->userRename($old, $new),
\Phake::verify(Arsse::$db)->userRename($old, $new); \Phake::verify(Arsse::$db)->begin(),
\Phake::verify(Arsse::$db)->userExists($old),
\Phake::verify(Arsse::$db)->userRename($old, $new),
\Phake::verify(Arsse::$db)->sessionDestroy($new),
\Phake::verify(Arsse::$db)->tokenRevoke($new, "fever.login"),
\Phake::verify($tr)->commit()
);
} }
public function testRenameAUserWeDoNotKnow(): void { public function testRenameAUserWeDoNotKnow(): void {
$tr = \Phake::mock(Transaction::class);
\Phake::when(Arsse::$db)->begin->thenReturn($tr);
\Phake::when(Arsse::$db)->userExists->thenReturn(false); \Phake::when(Arsse::$db)->userExists->thenReturn(false);
\Phake::when(Arsse::$db)->userAdd->thenReturn(true); \Phake::when(Arsse::$db)->userAdd->thenReturn(true);
\Phake::when(Arsse::$db)->userRename->thenReturn(true); \Phake::when(Arsse::$db)->userRename->thenReturn(true);
@ -205,9 +215,13 @@ class TestUser extends \JKingWeb\Arsse\Test\AbstractTest {
$old = "john.doe@example.com"; $old = "john.doe@example.com";
$new = "jane.doe@example.com"; $new = "jane.doe@example.com";
$this->assertTrue($u->rename($old, $new)); $this->assertTrue($u->rename($old, $new));
\Phake::verify($this->drv)->userRename($old, $new); \Phake::inOrder(
\Phake::verify(Arsse::$db)->userExists($old); \Phake::verify($this->drv)->userRename($old, $new),
\Phake::verify(Arsse::$db)->userAdd($new, null); \Phake::verify(Arsse::$db)->begin(),
\Phake::verify(Arsse::$db)->userExists($old),
\Phake::verify(Arsse::$db)->userAdd($new, null),
\Phake::verify($tr)->commit()
);
} }
public function testRenameAUserWithoutEffect(): void { public function testRenameAUserWithoutEffect(): void {