Add test to handle external validations

be-heiglandreas · be-heiglandreas · commit f3ca91facdee · 2022-06-24T10:06:55.000+02:00
This adds a test that verifies that a custom tokenVerifier also works
as expected. As a custom tokenVerifier might verify tokens in a
different way and might also verify tokens that the default might not
verify it is important that the remaining process still works as
intended.

The reasoning behind that is, that with the current behaviour tokens
that do not verify via the default way will result in a CookieTheft
Exception.
diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
 use Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface;
+use Symfony\Component\Security\Core\Authentication\RememberMe\TokenVerifierInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\CookieTheftException;
 use Symfony\Component\Security\Core\User\InMemoryUser;
@@ -102,6 +103,42 @@ public function testConsumeRememberMeCookieValid()
         $this->assertSame(explode(':', $rememberParts[3])[0], explode(':', $cookieParts[3])[0]); // series
     }
 
+    public function testConsumeRememberMeCookieValidByValidatorWithoutUpdate()
+    {
+        $verifier = $this->createMock(TokenVerifierInterface::class);
+        $handler = new PersistentRememberMeHandler($this->tokenProvider, 'secret', $this->userProvider, $this->requestStack, [], null, $verifier);
+
+        $persistentToken = new PersistentToken(InMemoryUser::class, 'wouter', 'series1', 'tokenvalue', new \DateTime('30 seconds'));
+
+        $this->tokenProvider->expects($this->any())
+            ->method('loadTokenBySeries')
+            ->with('series1')
+            ->willReturn($persistentToken)
+        ;
+
+        $verifier->expects($this->any())
+            ->method('verifyToken')
+            ->with($persistentToken, 'oldTokenValue')
+            ->willReturn(true)
+        ;
+
+        $rememberMeDetails = new RememberMeDetails(InMemoryUser::class, 'wouter', 360, 'series1:oldTokenValue');
+        $handler->consumeRememberMeCookie($rememberMeDetails);
+
+        // assert that the cookie has been updated with a new base64 encoded token value
+        $this->assertTrue($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));
+
+        /** @var Cookie $cookie */
+        $cookie = $this->request->attributes->get(ResponseListener::COOKIE_ATTR_NAME);
+
+        $cookieParts = explode(':', base64_decode($cookie->getValue()), 4);
+
+        $this->assertSame(InMemoryUser::class, $cookieParts[0]); // class
+        $this->assertSame(base64_encode('wouter'), $cookieParts[1]); // identifier
+        $this->assertSame('360', $cookieParts[2]); // expire
+        $this->assertSame('series1:tokenvalue', $cookieParts[3]); // value
+    }
+
     public function testConsumeRememberMeCookieInvalidToken()
     {
         $this->expectException(CookieTheftException::class);
