From 31668e8acf3980994cf183c172b8a5860bf0865a Mon Sep 17 00:00:00 2001
From: Florian Thoma
Date: Tue, 13 Jul 2021 11:45:48 +1000
Subject: [PATCH] fix: remove login marker cookie on logout
Apply suggestions from code review
Co-authored-by: Michal Kleiner
---
 .../SessionAuthenticationHandler.php | 4 ++++
 .../SessionAuthenticationHandlerTest.php | 20 ++++++++++++++++++-
 .../SessionAuthenticationHandlerTest.yml | 11 ++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml
diff --git a/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php b/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
index 1ce1eaca6..196465adf 100644
--- a/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
+++ b/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
@@ -113,5 +113,9 @@ class SessionAuthenticationHandler implements AuthenticationHandler
 {
 $request = $request ?: Controller::curr()->getRequest();
 $request->getSession()->destroy(true, $request);
+
+ if (Member::config()->get('login_marker_cookie')) {
+ Cookie::force_expiry(Member::config()->get('login_marker_cookie'));
+ }
 }
 }
diff --git a/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php
index 800e49563..def203040 100644
--- a/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php
+++ b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php
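Review bot: In the hunk for src/Security/MemberAuthenticator/SessionAuthenticationHandler.php, the added block looks up `Member::config()->get('login_marker_cookie')` twice, once as the condition and once as the cookie name; reading it once keeps the check and the expiry on the same value: `$marker = Member::config()->get('login_marker_cookie');` followed by `if ($marker) { Cookie::force_expiry($marker); }`. `Cookie::force_expiry()` is called with the name only, so the marker is cleared only if the code that sets it (not in this hunk) uses the same path and domain; that is worth confirming, because a browser keeps a cookie whose attributes do not match. The method's signature lies above the hunk, presumably `logOut()` given the commit subject.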
@@ -4,13 +4,15 @@ namespace SilverStripe\Security\Tests\MemberAuthenticator;
 use SilverStripe\Control\Cookie;
 use SilverStripe\Control\HTTPRequest;
 use SilverStripe\Control\Session;
+use SilverStripe\Core\Config\Config;
 use SilverStripe\Dev\SapphireTest;
-
 use SilverStripe\Security\Member;
 use SilverStripe\Security\MemberAuthenticator\SessionAuthenticationHandler;
 class SessionAuthenticationHandlerTest extends SapphireTest
 {
+ protected static $fixture_file = 'SessionAuthenticationHandlerTest.yml';
+
 protected $usesDatabase = true;
 /**
@@ -58,4 +60,20 @@ class SessionAuthenticationHandlerTest extends SapphireTest
 $this->assertNotNull($matchedMember);
 $this->assertEquals($matchedMember->Email, $member->Email);
 }
+
+ public function testLoginMarkerCookie()
+ {
+ Config::modify()->set(Member::class, 'login_marker_cookie', 'sslogin');
+
+ /** @var Member $member */
+ $member = $this->objFromFixture(Member::class, 'test');
+
+ $this->logInAs($member);
+
+ $this->assertNotNull(Cookie::get('sslogin'), 'Login marker cookie is set after logging in');
+
+ $this->logOut();
+
+ $this->assertNull(Cookie::get('sslogin'), 'Login marker cookie is deleted after logging out');
+ }
 }
diff --git a/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml
new file mode 100644
index 000000000..10fbbcfb1
--- /dev/null
+++ b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml
@@ -0,0 +1,11 @@
+'SilverStripe\Security\Group':
+ usergroup:
+ Title: usergroup
+ Code: usergroup
+'SilverStripe\Security\Member':
+ test:
+ FirstName: Test
+ Surname: User
+ Email: testuser@example.com
+ Password: 1nitialPassword
+ Groups: '=>SilverStripe\Security\Group.usergroup'
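Review bot: `testLoginMarkerCookie()` in SessionAuthenticationHandlerTest.php (the `@@ -58,4 +60,20 @@` hunk) covers only the configured case; nothing asserts the behaviour when `login_marker_cookie` is empty, which is the other branch of the new `if` in the handler. The name `'sslogin'` is written three times; a local such as `$marker = 'sslogin';` passed to `Config::modify()->set()` and to both `Cookie::get()` calls keeps them in step. The test goes through `logInAs()` and `logOut()`, which are defined outside this page, so it presumably exercises the whole logout path rather than SessionAuthenticationHandler in isolation; a short comment above the test saying so would help the next reader.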