
Commit 2ed570b

committed
feat: update tests for checking cookie rotation when login or remember token is used
1 parent 2e5a801 commit 2ed570b


1 file changed

+38
-0
lines changed


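--- a/framework/core/tests/integration/forum/LoginTest.php
+++ b/framework/core/tests/integration/forum/LoginTest.php
@@ -9,10 +9,15 @@
 
 namespace Flarum\Tests\integration\forum;
 
+use Dflydev\FigCookies\FigResponseCookies;
 use Flarum\Extend;
 use Flarum\Http\AccessToken;
+use Flarum\Http\CookieFactory;
+use Flarum\Http\RememberAccessToken;
+use Flarum\Http\Rememberer;
 use Flarum\Testing\integration\RetrievesAuthorizedUsers;
 use Flarum\Testing\integration\TestCase;
+use Illuminate\Support\Str;
 
 class LoginTest extends TestCase
 {
@@ -70,16 +75,25 @@ public function cant_login_with_wrong_password()
 */
 public function can_login_with_data()
 {
+$id = Str::random(40);
+$this->app();
+$cookieFactory = resolve(CookieFactory::class);
+$sessionCookieName = $cookieFactory->getName('session');
+
 $response = $this->send(
 $this->request('POST', '/login', [
 'json' => [
 'identification' => 'normal',
 'password' => 'too-obscure'
 ]
+])->withCookieParams([
+$sessionCookieName => $id
 ])
 );
 
 $this->assertEquals(200, $response->getStatusCode());
+$cookie = FigResponseCookies::get($response, $sessionCookieName);
+$this->assertNotEquals($id, $cookie->getValue());
 
 // The response body should contain the user ID...
 $body = (string) $response->getBody();
@@ -92,4 +106,28 @@ public function can_login_with_data()
 $token = $data['token'];
 $this->assertEquals(2, AccessToken::whereToken($token)->firstOrFail()->user_id);
 }
+
+/**
+* @test
+*/
+public function can_login_with_remember_token()
+{
+$this->app();
+$rememberToken = RememberAccessToken::generate(1);
+$id = Str::random(40);
+$cookieFactory = resolve(CookieFactory::class);
+$sessionCookieName = $cookieFactory->getName('session');
+$rememberCookieName = $cookieFactory->getName(Rememberer::COOKIE_NAME);
+
+$response = $this->send(
+$this->request('GET', '/settings')->withCookieParams([
+$sessionCookieName => $id,
+$rememberCookieName => $rememberToken->token
+])
+);
+
+$this->assertEquals(200, $response->getStatusCode());
+$cookie = FigResponseCookies::get($response, $sessionCookieName);
+$this->assertNotEquals($id, $cookie->getValue());
+}
 }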
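Review bot: The rotation assertions at new lines 95–96 and 130–131 pass even when the response carries no session cookie at all: as far as I know `FigResponseCookies::get()` returns an empty `SetCookie` with a null value when the name is absent, and null never equals the random `$id`. A regression where login stops issuing a fresh session cookie, which is the session-fixation case these tests are meant to catch, would therefore go unnoticed. Add `$this->assertNotEmpty($cookie->getValue());` before each `assertNotEquals`, and prefer `assertNotSame` so the comparison is strict. The `$id` sent is also never established as a live server-side session, so the tests appear to show only that an unknown identifier is not adopted; a short comment saying so would help. `can_login_with_data()` continues between the second and third hunks, outside the visible lines.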
