CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
verifyToken example
$provider->createNewToken($token);
// new request comes in requiring remember-me auth, which updates the token $provider->updateExistingToken($token, $newValue, new \DateTimeImmutable('-5 seconds'));
$provider->updateToken($series, $newValue, new \DateTime('-5 seconds'));
// parallel request comes in with the old remember-me cookie and session, which also requires reauth $token = $provider->loadTokenBySeries($series);
$this->assertEquals($newValue, $token->getTokenValue());
// new token is valid $this->assertTrue($provider->verifyToken($token, $newValue));
// old token is still valid $this->assertTrue($provider->verifyToken($token, $oldValue));
}
public function testVerifyOutdatedTokenAfterParallelRequestFailsAfter60Seconds()
{
$provider = $this->bootstrapProvider();
$series = base64_encode(random_bytes(64));
$oldValue = 'oldValue';
$newValue = 'newValue';
// new request comes in requiring remember-me auth, which updates the token $provider->updateExistingToken($token, $newValue, new \DateTimeImmutable('-5 seconds'));
$provider->updateToken($series, $newValue, new \DateTime('-5 seconds'));
// parallel request comes in with the old remember-me cookie and session, which also requires reauth $token = $provider->loadTokenBySeries($series);
$this->assertEquals($newValue, $token->getTokenValue());
// new token is valid $this->assertTrue($provider->verifyToken($token, $newValue));
// old token is still valid $this->assertTrue($provider->verifyToken($token, $oldValue));
}
public function testVerifyOutdatedTokenAfterParallelRequestFailsAfter60Seconds()
{
$provider = $this->bootstrapProvider();
$series = base64_encode(random_bytes(64));
$oldValue = 'oldValue';
$newValue = 'newValue';
public function consumeRememberMeCookie(RememberMeDetails $rememberMeDetails): UserInterface
{
if (!str_contains($rememberMeDetails->getValue(), ':')) {
throw new AuthenticationException('The cookie is incorrectly formatted.');
}
[$series, $tokenValue] = explode(':', $rememberMeDetails->getValue());
$persistentToken = $this->tokenProvider->loadTokenBySeries($series);
if ($this->tokenVerifier) {
$isTokenValid = $this->tokenVerifier->verifyToken($persistentToken, $tokenValue);
} else {
$isTokenValid = hash_equals($persistentToken->getTokenValue(), $tokenValue);
}
if (!$isTokenValid) {
throw new CookieTheftException('This token was already used. The account is possibly compromised.');
}
if ($persistentToken->getLastUsed()->getTimestamp() + $this->options['lifetime'] < time()) {
throw new AuthenticationException('The cookie has expired.');
}
{
if (!str_contains($rememberMeDetails->getValue(), ':')) {
throw new AuthenticationException('The cookie is incorrectly formatted.');
}
[$series, $tokenValue] = explode(':', $rememberMeDetails->getValue());
$persistentToken = $this->tokenProvider->loadTokenBySeries($series);
if ($this->tokenVerifier) {
$isTokenValid = $this->tokenVerifier->verifyToken($persistentToken, $tokenValue);
} else {
$isTokenValid = hash_equals($persistentToken->getTokenValue(), $tokenValue);
}
if (!$isTokenValid) {
throw new CookieTheftException('This token was already used. The account is possibly compromised.');
}
if ($persistentToken->getLastUsed()->getTimestamp() + $this->options['lifetime'] < time()) {
throw new AuthenticationException('The cookie has expired.');
}
use PHPUnit\Framework\TestCase;
use Symfony\Component\Cache\Adapter\ArrayAdapter;
use Symfony\Component\Security\Core\Authentication\RememberMe\CacheTokenVerifier;
use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
class CacheTokenVerifierTest extends TestCase
{
public function testVerifyCurrentToken()
{
$verifier = new CacheTokenVerifier(new ArrayAdapter());
$token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
$this->assertTrue($verifier->verifyToken($token, 'value'));
}
public function testVerifyFailsInvalidToken()
{
$verifier = new CacheTokenVerifier(new ArrayAdapter());
$token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
$this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
}
public function testVerifyOutdatedToken()
{
use Symfony\Component\Cache\Adapter\ArrayAdapter;
use Symfony\Component\Security\Core\Authentication\RememberMe\CacheTokenVerifier;
use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
class CacheTokenVerifierTest extends TestCase
{
public function testVerifyCurrentToken()
{
$verifier = new CacheTokenVerifier(new ArrayAdapter());
$token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
$this->assertTrue($verifier->verifyToken($token, 'value'));
}
public function testVerifyFailsInvalidToken()
{
$verifier = new CacheTokenVerifier(new ArrayAdapter());
$token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
$this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
}
public function testVerifyOutdatedToken()
{