Логика уничтожения активных сессий вынесена в компонент User

Теперь при смене пароля и включении двухфакторной аутентификации также очищаются и сессии Minecraft
2025-05-31 14:11:46 +05:30 · 2017-02-23 02:01:32 +03:00
parent 7bf8260331
commit 689919fc17
6 changed files with 105 additions and 26 deletions
--- a/tests/codeception/api/unit/components/User/ComponentTest.php
+++ b/tests/codeception/api/unit/components/User/ComponentTest.php
@@ -15,6 +15,7 @@ use tests\codeception\api\unit\TestCase;
 use tests\codeception\common\_support\ProtectedCaller;
 use tests\codeception\common\fixtures\AccountFixture;
 use tests\codeception\common\fixtures\AccountSessionFixture;
+use tests\codeception\common\fixtures\MinecraftAccessKeyFixture;
 use Yii;
 use yii\web\Request;

@@ -36,6 +37,7 @@ class ComponentTest extends TestCase {
        return [
            'accounts' => AccountFixture::class,
            'sessions' => AccountSessionFixture::class,
+            'minecraftSessions' => MinecraftAccessKeyFixture::class,
        ];
    }

@@ -166,6 +168,43 @@ class ComponentTest extends TestCase {
        });
    }

+    public function testTerminateSessions() {
+        /** @var AccountSession $session */
+        $session = AccountSession::findOne($this->tester->grabFixture('sessions', 'admin2')['id']);
+
+        /** @var Component|\PHPUnit_Framework_MockObject_MockObject $component */
+        $component = $this->getMockBuilder(Component::class)
+            ->setMethods(['getActiveSession'])
+            ->setConstructorArgs([$this->getComponentArguments()])
+            ->getMock();
+
+        $component
+            ->expects($this->exactly(1))
+            ->method('getActiveSession')
+            ->willReturn($session);
+
+        /** @var AccountIdentity $identity */
+        $identity = AccountIdentity::findOne($this->tester->grabFixture('accounts', 'admin')['id']);
+        $component->login($identity, true);
+
+        $component->terminateSessions(0);
+        $this->assertNotEmpty($identity->getMinecraftAccessKeys()->all());
+        $this->assertNotEmpty($identity->getSessions()->all());
+
+        $component->terminateSessions(Component::TERMINATE_MINECRAFT_SESSIONS);
+        $this->assertEmpty($identity->getMinecraftAccessKeys()->all());
+        $this->assertNotEmpty($identity->getSessions()->all());
+
+        $component->terminateSessions(Component::TERMINATE_SITE_SESSIONS | Component::DO_NOT_TERMINATE_CURRENT_SESSION);
+        $sessions = $identity->getSessions()->all();
+        $this->assertEquals(1, count($sessions));
+        $this->assertTrue($sessions[0]->id === $session->id);
+
+        $component->terminateSessions(Component::TERMINATE_ALL);
+        $this->assertEmpty($identity->getSessions()->all());
+        $this->assertEmpty($identity->getMinecraftAccessKeys()->all());
+    }
+
    public function testSerializeToken() {
        $this->specify('get string, contained jwt token', function() {
            $token = new Token();
--- a/tests/codeception/api/unit/models/profile/ChangePasswordFormTest.php
+++ b/tests/codeception/api/unit/models/profile/ChangePasswordFormTest.php
@@ -97,7 +97,7 @@ class ChangePasswordFormTest extends TestCase {
    public function testChangePasswordWithLogout() {
        /** @var Component|\PHPUnit_Framework_MockObject_MockObject $component */
        $component = $this->getMockBuilder(Component::class)
-            ->setMethods(['getActiveSession'])
+            ->setMethods(['getActiveSession', 'terminateSessions'])
            ->setConstructorArgs([[
                'identityClass' => AccountIdentity::class,
                'enableSession' => false,
@@ -114,25 +114,22 @@ class ChangePasswordFormTest extends TestCase {
            ->method('getActiveSession')
            ->will($this->returnValue($session));

+        $component
+            ->expects($this->once())
+            ->method('terminateSessions');
+
        Yii::$app->set('user', $component);

-        $this->specify('change password with removing all session, except current', function() use ($session) {
-            /** @var Account $account */
-            $account = Account::findOne($this->tester->grabFixture('accounts', 'admin')['id']);
+        /** @var Account $account */
+        $account = $this->tester->grabFixture('accounts', 'admin');
+        $model = new ChangePasswordForm($account, [
+            'password' => 'password_0',
+            'newPassword' => 'my-new-password',
+            'newRePassword' => 'my-new-password',
+            'logoutAll' => true,
+        ]);

-            $model = new ChangePasswordForm($account, [
-                'password' => 'password_0',
-                'newPassword' => 'my-new-password',
-                'newRePassword' => 'my-new-password',
-                'logoutAll' => true,
-            ]);
-
-            expect($model->changePassword())->true();
-            /** @var AccountSession[] $sessions */
-            $sessions = $account->getSessions()->all();
-            expect(count($sessions))->equals(1);
-            expect($sessions[0]->id)->equals($session->id);
-        });
+        $this->assertTrue($model->changePassword());
    }

 }
--- a/tests/codeception/api/unit/models/profile/TwoFactorAuthFormTest.php
+++ b/tests/codeception/api/unit/models/profile/TwoFactorAuthFormTest.php
@@ -1,12 +1,15 @@
 <?php
 namespace tests\codeception\api\unit\models\profile;

+use api\components\User\Component;
+use api\models\AccountIdentity;
 use api\models\profile\TwoFactorAuthForm;
 use common\helpers\Error as E;
 use common\models\Account;
 use OTPHP\TOTP;
 use tests\codeception\api\unit\TestCase;
 use tests\codeception\common\_support\ProtectedCaller;
+use Yii;

 class TwoFactorAuthFormTest extends TestCase {
    use ProtectedCaller;
@@ -69,6 +72,23 @@ class TwoFactorAuthFormTest extends TestCase {
    }

    public function testActivate() {
+        /** @var Component|\PHPUnit_Framework_MockObject_MockObject $component */
+        $component = $this->getMockBuilder(Component::class)
+            ->setMethods(['terminateSessions'])
+            ->setConstructorArgs([[
+                'identityClass' => AccountIdentity::class,
+                'enableSession' => false,
+                'loginUrl' => null,
+                'secret' => 'secret',
+            ]])
+            ->getMock();
+
+        $component
+            ->expects($this->once())
+            ->method('terminateSessions');
+
+        Yii::$app->set('user', $component);
+
        /** @var Account|\PHPUnit_Framework_MockObject_MockObject $account */
        $account = $this->getMockBuilder(Account::class)
            ->setMethods(['save'])