CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
updateExistingToken example
$lastUsed, $series, $tokenValue, $class] = explode(':', $rememberMeDetails->getValue(), 4);
$persistentToken = new PersistentToken($class, $rememberMeDetails->getUserIdentifier(), $series, $tokenValue, new \DateTimeImmutable('@'.$lastUsed));
// if a token was regenerated less than a minute ago, there is no need to regenerate it // if multiple concurrent requests reauthenticate a user we do not want to update the token several times if ($persistentToken->getLastUsed()->getTimestamp() + 60 >= time()) {
return;
}
$tokenValue = strtr(base64_encode(random_bytes(33)), '+/=', '-_~');
$tokenLastUsed = new \DateTime();
$this->tokenVerifier?->updateExistingToken($persistentToken, $tokenValue, $tokenLastUsed);
$this->tokenProvider->updateToken($series, $tokenValue, $tokenLastUsed);
$this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
}
public function clearRememberMeCookie(): void
{
parent::clearRememberMeCookie();
$cookie = $this->requestStack->getMainRequest()->cookies->get($this->options['name']);
if (null === $cookie) {
$persistentToken = new PersistentToken($class, $rememberMeDetails->getUserIdentifier(), $series, $tokenValue, new \DateTimeImmutable('@'.$lastUsed));
// if a token was regenerated less than a minute ago, there is no need to regenerate it // if multiple concurrent requests reauthenticate a user we do not want to update the token several times if ($persistentToken->getLastUsed()->getTimestamp() + 60 >= time()) {
return;
}
$tokenValue = strtr(base64_encode(random_bytes(33)), '+/=', '-_~');
$tokenLastUsed = new \DateTime();
$this->tokenVerifier?->updateExistingToken($persistentToken, $tokenValue, $tokenLastUsed);
$this->tokenProvider->updateToken($series, $tokenValue, $tokenLastUsed);
$this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
}
public function clearRememberMeCookie(): void
{
parent::clearRememberMeCookie();
$cookie = $this->requestStack->getMainRequest()->cookies->get($this->options['name']);
if (null === $cookie) {
$provider = $this->bootstrapProvider();
$series = base64_encode(random_bytes(64));
$oldValue = 'oldValue';
$newValue = 'newValue';
// setup existing token $token = new PersistentToken('someClass', 'someUser', $series, $oldValue, new \DateTimeImmutable('2013-01-26T18:23:51'));
$provider->createNewToken($token);
// new request comes in requiring remember-me auth, which updates the token $provider->updateExistingToken($token, $newValue, new \DateTimeImmutable('-5 seconds'));
$provider->updateToken($series, $newValue, new \DateTime('-5 seconds'));
// parallel request comes in with the old remember-me cookie and session, which also requires reauth $token = $provider->loadTokenBySeries($series);
$this->assertEquals($newValue, $token->getTokenValue());
// new token is valid $this->assertTrue($provider->verifyToken($token, $newValue));
// old token is still valid $this->assertTrue($provider->verifyToken($token, $oldValue));
}
$verifier = new CacheTokenVerifier(new ArrayAdapter());
$token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
$this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
}
public function testVerifyOutdatedToken()
{
$verifier = new CacheTokenVerifier(new ArrayAdapter());
$outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
$newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable());
$verifier->updateExistingToken($outdatedToken, 'newvalue', new \DateTimeImmutable());
$this->assertTrue($verifier->verifyToken($newToken, 'value'));
}
}