diff --git a/server/controllers/user/login.php b/server/controllers/user/login.php
index 54357d80..5e1fb8a7 100644
--- a/server/controllers/user/login.php
+++ b/server/controllers/user/login.php
@@ -5,7 +5,8 @@ class LoginController extends Controller {
 private $userInstance;
 private $session;
-
+ private $rememberToken;
+
 public function validations() {
 return [
 'permission' => 'any',
@@ -19,8 +20,9 @@ class LoginController extends Controller {
 return;
 }
- if ($this->areCredentialsValid()) {
+ if ($this->areCredentialsValid() || $this->isRememberTokenValid()) {
 $this->createUserSession();
+ $this->createSessionCookie();
 Response::respondSuccess($this->getUserData());
 } else {
@@ -36,6 +38,20 @@ class LoginController extends Controller {
 return ($this->getUserByInputCredentials() !== null);
 }
+ private function isRememberTokenValid() {
+ $rememberToken = Controller::request('rememberToken');
+
+ if ($rememberToken) {
+ $sessionCookie = SessionCookie::getDataStore($rememberToken, 'token');
+ $userid = Controller::request('userId');
+
+ if ($sessionCookie !== null && $userid === $sessionCookie->user->id) {
+ $this->userInstance = $sessionCookie->user;
+ return true;
+ }
+ }
+ }
+
 private function createUserSession() {
 $this->getSession()->createSession($this->userInstance->id);
 }
@@ -46,7 +62,8 @@ class LoginController extends Controller {
 return array(
 'userId' => $userInstance->id,
 'userEmail' => $userInstance->email,
- 'token' => $this->getSession()->getToken()
+ 'token' => $this->getSession()->getToken(),
+ 'rememberToken' => $this->rememberToken
 );
 }
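Review bot: The `||` in `if ($this->areCredentialsValid() || $this->isRememberTokenValid())` means a token-based login also runs `$this->createSessionCookie()`, and that method (further down this diff) calls `$this->userInstance->getBeanInstance()`; on the token path `userInstance` is set to `$sessionCookie->user` from the data store rather than to whatever `getUserByInputCredentials()` produces, so if that association yields a bare bean instead of the model wrapper, a token login sent with `remember` will fail on the missing method. Worth either a test that sends `rememberToken`, `userId` and `remember: true` together, or normalising `userInstance` to one type inside `isRememberTokenValid()`. The enclosing handler starts before and ends after this hunk.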
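Review bot: `isRememberTokenValid()` accepts any stored token with no expiry and no rotation, so a remember token that leaks (log, proxy, database dump) is a permanent credential for that account; the `ip` and `creationDate` the commit stores alongside it are never consulted here. The comparison `$userid === $sessionCookie->user->id` is also fragile: `Controller::request()` presumably returns a string while the stored id may come back as an int, in which case the strict check never matches and the token path is dead code (the Ruby test round-trips `userId` from the JSON response, which may mask this). I would restructure the method as guard clauses, compare the ids as strings, and mark the missing lifetime/single-use handling explicitly; the row-removal call depends on the DataStore API, which this diff does not show.
```php
private function isRememberTokenValid() {
    $rememberToken = Controller::request('rememberToken');
    $userid = Controller::request('userId');

    // Both values are required; an absent token must never reach the lookup.
    if (!$rememberToken || !$userid) {
        return false;
    }

    $sessionCookie = SessionCookie::getDataStore($rememberToken, 'token');

    // Compare as strings: the request value arrives as a string, the stored id may be an int.
    if ($sessionCookie === null || (string) $userid !== (string) $sessionCookie->user->id) {
        return false;
    }

    // TODO(review): reject tokens older than a configured lifetime once creationDate is a timestamp,
    // and remove the matched row so each token is single-use (createSessionCookie() issues a replacement).
    $this->userInstance = $sessionCookie->user;
    return true;
}
```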
@@ -68,4 +85,19 @@ class LoginController extends Controller {
 return $this->session;
 }
+ private function createSessionCookie(){
+ $remember = Controller::request('remember');
+ if ($remember) {
+ $this->rememberToken = Hashing::generateRandomToken();
+
+ $sessionCookie = new SessionCookie();
+ $sessionCookie->setProperties(array(
+ 'user' => $this->userInstance->getBeanInstance(),
+ 'token' => $this->rememberToken,
+ 'ip' => $_SERVER['REMOTE_ADDR'],
+ 'creationDate' => date('d-m-Y (H:i:s)')
+ ));
+ $sessionCookie->store();
+ }
+ }
 }
diff --git a/server/libs/Hashing.php b/server/libs/Hashing.php
index 01ef7ff4..7b296357 100644
--- a/server/libs/Hashing.php
+++ b/server/libs/Hashing.php
@@ -7,4 +7,7 @@ class Hashing {
 public static function verifyPassword($password, $hash) {
 return password_verify($password, $hash);
 }
+ public static function generateRandomToken() {
+ return md5(uniqid(rand()));
+ }
 }
\ No newline at end of file
diff --git a/server/models/Session.php b/server/models/Session.php
index 3c9d4f5e..3d543607 100644
--- a/server/models/Session.php
+++ b/server/models/Session.php
@@ -65,6 +65,6 @@ class Session {
 }
 private function generateToken() {
- return md5(uniqid(rand()));
+ return Hashing::generateRandomToken();;
 }
 }
\ No newline at end of file
diff --git a/server/models/SessionCookie.php b/server/models/SessionCookie.php
new file mode 100644
index 00000000..e66adc5e
--- /dev/null
+++ b/server/models/SessionCookie.php
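Review bot: `createSessionCookie()` persists the remember token in clear text (`'token' => $this->rememberToken`), so anyone who can read the session-cookie table can log in as any user who ticked "remember"; store a digest instead, `'token' => hash('sha256', $this->rememberToken),` and look it up in `isRememberTokenValid()` with `SessionCookie::getDataStore(hash('sha256', $rememberToken), 'token')`, returning the raw value to the client only once. `'creationDate' => date('d-m-Y (H:i:s)')` is a display format that cannot be compared or sorted, which rules out enforcing a lifetime later; `'creationDate' => time()` or an ISO/DB datetime would keep that option open. `$_SERVER['REMOTE_ADDR']` is the proxy's address if the app runs behind one, and nothing in this diff reads the stored `ip` back, so either document it as audit-only in a comment or drop it.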
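Review bot: `Hashing::generateRandomToken()` returns `md5(uniqid(rand()))`, which is not a cryptographic source: `uniqid()` is derived from the current microsecond time and `rand()` is a seeded, predictable PRNG, so an attacker who can approximate when a token was issued can enumerate candidates offline. With this commit the same function now mints long-lived remember tokens as well as session tokens, so the weakness is no longer bounded by session length. Replace the body with `return bin2hex(random_bytes(16));`, which keeps the 32-hex-character shape any column width may rely on; if PHP 5 still has to be supported, use `openssl_random_pseudo_bytes(16, $strong)` and fail when `$strong` is false.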
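Review bot: `return Hashing::generateRandomToken();;` carries a stray second semicolon; it is harmless to the interpreter but reads as a typo, so trim it to `return Hashing::generateRandomToken();`. Consider a one-line comment above `generateToken()` noting that it now shares its source with the remember tokens, since a future change to the helper affects both.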
@@ -0,0 +1,19 @@
+ parent::stub()->returns('HASHED_PASSword'),
+ 'verifyPassword' => parent::stub()->returns(true),
+ 'generateRandomToken' => parent::stub()->returns('TEST_TOKEN')
+ ));
+ }
+
+ public static function mockInstanceFunction($functionName, $functionMock) {
+ self::getInstance()->{$functionName} = $functionMock;
+ }
+
+ private static function getInstanceMock() {
+ return new \Mock(array(
+ 'initSession' => parent::stub(),
+ 'closeSession' => parent::stub(),
+ 'createSession' => parent::stub(),
+ 'getToken' => parent::stub()->returns('TEST_TOKEN'),
+ 'sessionExists' => parent::stub()->returns(false),
+ 'checkAuthentication' => parent::stub()->returns(true),
+ 'isLoggedWithId' => parent::stub()->returns(true),
+ ));
+ }
+}
\ No newline at end of file
diff --git a/server/tests/controllers/user/loginTest.php b/server/tests/controllers/user/loginTest.php
index 018efd72..7b80f38b 100644
--- a/server/tests/controllers/user/loginTest.php
+++ b/server/tests/controllers/user/loginTest.php
@@ -38,7 +38,8 @@ class LoginControllerTest extends PHPUnit_Framework_TestCase {
 $this->assertTrue(Response::get('respondSuccess')->hasBeenCalledWithArgs(array(
 'userId' => 'MOCK_ID',
 'userEmail' => 'MOCK_EMAIL',
- 'token' => 'TEST_TOKEN'
+ 'token' => 'TEST_TOKEN',
+ 'rememberToken' => null
 )));
 }
diff --git a/tests/init.rb b/tests/init.rb
index 86e90a75..76eea472 100644
--- a/tests/init.rb
+++ b/tests/init.rb
@@ -9,4 +9,5 @@ require './scripts.rb'
 # TESTS
 require './user/signup.rb'
-require './ticket/create.rb'
+require './user/login.rb'
+#require './ticket/create.rb'
diff --git a/tests/user/login.rb b/tests/user/login.rb
index 398e90c5..7c0d5738 100644
--- a/tests/user/login.rb
+++ b/tests/user/login.rb
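Review bot: `#require './ticket/create.rb'` silently drops the ticket-creation suite from the test run while adding the login suite, and nothing in the commit says why. If the ticket test is broken or slow, say so next to it, e.g. `# TODO: ticket/create.rb disabled — <reason>; re-enable once fixed`, or leave it enabled so a regression in ticket creation is still caught.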
@@ -1,25 +1,48 @@
 describe '/user/login' do
- before do
- @loginEmail = 'login@os4.com'
- @loginPass = 'loginpass'
+ @loginEmail = 'login@os4.com'
+ @loginPass = 'loginpass'
- Scripts.createUser(@loginEmail, @loginPass)
- end
+ Scripts.createUser(@loginEmail, @loginPass)
 it 'should fail if password is incorrect' do
 result = request('/user/login', {
 email: @loginEmail,
- pass: 'some_incorrect_password'
+ password: 'some_incorrect_password'
 })
 (result['status']).should.equal('fail')
 end
- it 'should login correctly' do
+# it 'should login correctly' do
+# end
+
+# it 'should fail if already logged in' do
+
+# end
+
+ it 'should return remember token' do
+ request('/user/logout', {})
+ result = request('/user/login', {
+ email: @loginEmail,
+ password: @loginPass,
+ remember: true
+ })
+
+ (result['status']).should.equal('success')
+
+ @rememberToken = result['data']['rememberToken']# falta comproversion
+ @userid = result['data']['userId']
 end
- it 'should fail if already logged in' do
+ it 'should login with token' do
+ request('/user/logout', {})
+ result = request('/user/login', {
+ rememberToken: @rememberToken,
+ userId: @userid
+ })
+ (result['status']).should.equal('success')
+ (result['data']['userId']).should.equal(@userid)
 end
-end
\ No newline at end of file
+end
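Review bot: The token tests cover only the happy path — nothing asserts that an unknown `rememberToken`, or a valid token paired with a different `userId`, is rejected, which is exactly the guard `isRememberTokenValid()` exists for, so a regression that accepts any token would pass this suite. `@rememberToken` and `@userid` are assigned in one `it` and read in the next, so the run depends on example order and on the framework sharing instance state between examples; if that is intentional, a comment such as `# relies on Bacon sharing @ivars across examples in a describe` would save the next reader a debugging session. The inline `# falta comproversion` ("check missing") should become English or disappear once the negative case exists; the `should login correctly` and `should fail if already logged in` cases are commented out rather than implemented, so the test count drops. The hunk's `describe` block is complete within the diff.
```ruby
  it 'should reject a remember token that does not belong to the given user' do
    request('/user/logout', {})
    result = request('/user/login', {
      rememberToken: @rememberToken,
      userId: 'some_other_user_id'
    })
    (result['status']).should.equal('fail')
  end

  it 'should reject an unknown remember token' do
    request('/user/logout', {})
    result = request('/user/login', {
      rememberToken: 'not_a_real_token',
      userId: @userid
    })
    (result['status']).should.equal('fail')
  end
```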