updateExistingToken example

$lastUsed$series$tokenValue$class] = explode(':', $rememberMeDetails->getValue(), 4);
        $persistentToken = new PersistentToken($class$rememberMeDetails->getUserIdentifier()$series$tokenValuenew \DateTimeImmutable('@'.$lastUsed));

        // if a token was regenerated less than a minute ago, there is no need to regenerate it         // if multiple concurrent requests reauthenticate a user we do not want to update the token several times         if ($persistentToken->getLastUsed()->getTimestamp() + 60 >= time()) {
            return;
        }

        $tokenValue = strtr(base64_encode(random_bytes(33)), '+/=', '-_~');
        $tokenLastUsed = new \DateTime();
        $this->tokenVerifier?->updateExistingToken($persistentToken$tokenValue$tokenLastUsed);
        $this->tokenProvider->updateToken($series$tokenValue$tokenLastUsed);

        $this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
    }

    public function clearRememberMeCookie(): void
    {
        parent::clearRememberMeCookie();

        $cookie = $this->requestStack->getMainRequest()->cookies->get($this->options['name']);
        if (null === $cookie) {
            

        $provider = $this->bootstrapProvider();
        $series = base64_encode(random_bytes(64));
        $oldValue = 'oldValue';
        $newValue = 'newValue';

        // setup existing token         $token = new PersistentToken('someClass', 'someUser', $series$oldValuenew \DateTimeImmutable('2013-01-26T18:23:51'));
        $provider->createNewToken($token);

        // new request comes in requiring remember-me auth, which updates the token         $provider->updateExistingToken($token$newValuenew \DateTimeImmutable('-5 seconds'));
        $provider->updateToken($series$newValuenew \DateTime('-5 seconds'));

        // parallel request comes in with the old remember-me cookie and session, which also requires reauth         $token = $provider->loadTokenBySeries($series);
        $this->assertEquals($newValue$token->getTokenValue());

        // new token is valid         $this->assertTrue($provider->verifyToken($token$newValue));
        // old token is still valid         $this->assertTrue($provider->verifyToken($token$oldValue));
    }

    

        $verifier = new CacheTokenVerifier(new ArrayAdapter());
        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
        $this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
    }

    public function testVerifyOutdatedToken()
    {
        $verifier = new CacheTokenVerifier(new ArrayAdapter());
        $outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
        $newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable());
        $verifier->updateExistingToken($outdatedToken, 'newvalue', new \DateTimeImmutable());
        $this->assertTrue($verifier->verifyToken($newToken, 'value'));
    }
}