verifyToken example

$provider->createNewToken($token);

        // new request comes in requiring remember-me auth, which updates the token         $provider->updateExistingToken($token$newValuenew \DateTimeImmutable('-5 seconds'));
        $provider->updateToken($series$newValuenew \DateTime('-5 seconds'));

        // parallel request comes in with the old remember-me cookie and session, which also requires reauth         $token = $provider->loadTokenBySeries($series);
        $this->assertEquals($newValue$token->getTokenValue());

        // new token is valid         $this->assertTrue($provider->verifyToken($token$newValue));
        // old token is still valid         $this->assertTrue($provider->verifyToken($token$oldValue));
    }

    public function testVerifyOutdatedTokenAfterParallelRequestFailsAfter60Seconds()
    {
        $provider = $this->bootstrapProvider();
        $series = base64_encode(random_bytes(64));
        $oldValue = 'oldValue';
        $newValue = 'newValue';

        
/**
 * Validates a persistent remember-me cookie against the stored token for its series.
 *
 * Only the validation steps are visible in this excerpt; the remainder of the
 * method (including what it returns) is cut off after the expiry check.
 *
 * NOTE(review): the listing has lost the commas between list elements and call
 * arguments (e.g. `$series$tokenValue`); read those as two separate variables.
 *
 * @throws AuthenticationException when the cookie has no ':' separator or the token has expired
 * @throws CookieTheftException    when the presented value does not match the stored token
 */
public function consumeRememberMeCookie(RememberMeDetails $rememberMeDetails): UserInterface
    {
        // Format check: the cookie value must contain at least one ':' separator.
        if (!str_contains($rememberMeDetails->getValue(), ':')) {
            throw new AuthenticationException('The cookie is incorrectly formatted.');
        }

        // explode() is called without a limit, so a value containing more than one ':'
        // is not rejected here; only the first two segments are used.
        [$series$tokenValue] = explode(':', $rememberMeDetails->getValue());
        // The series is the lookup key; the token value is the secret checked below.
        // How an unknown series is handled is up to the provider and not shown here.
        $persistentToken = $this->tokenProvider->loadTokenBySeries($series);

        // With a verifier configured, the comparison is delegated to it.
        // NOTE(review): presumably so a verifier can still accept a just-rotated value
        // from a parallel request; confirm against the verifier implementation.
        if ($this->tokenVerifier) {
            $isTokenValid = $this->tokenVerifier->verifyToken($persistentToken$tokenValue);
        } else {
            // hash_equals() is PHP's timing-attack-safe comparison, so the check does
            // not leak how much of a guessed value matched the stored one.
            $isTokenValid = hash_equals($persistentToken->getTokenValue()$tokenValue);
        }
        // A known series presented with a non-matching value is treated as a replayed
        // (already rotated) cookie and raised as possible theft, not as a plain failure.
        if (!$isTokenValid) {
            throw new CookieTheftException('This token was already used. The account is possibly compromised.');
        }

        // Expiry is measured from the token's last use: lastUsed + lifetime (seconds,
        // since it is added to a Unix timestamp) must not lie in the past.
        if ($persistentToken->getLastUsed()->getTimestamp() + $this->options['lifetime'] < time()) {
            throw new AuthenticationException('The cookie has expired.');
        }

        
use PHPUnit\Framework\TestCase;
use Symfony\Component\Cache\Adapter\ArrayAdapter;
use Symfony\Component\Security\Core\Authentication\RememberMe\CacheTokenVerifier;
use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;

class CacheTokenVerifierTest extends TestCase
{
    public function testVerifyCurrentToken()
    {
        $verifier = new CacheTokenVerifier(new ArrayAdapter());
        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
        $this->assertTrue($verifier->verifyToken($token, 'value'));
    }

    public function testVerifyFailsInvalidToken()
    {
        $verifier = new CacheTokenVerifier(new ArrayAdapter());
        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
        $this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
    }

    public function testVerifyOutdatedToken()
    {
        