Merged in Add-remember-me (pull request #21)

(Guillermo) Add-remember-me
2016-07-16 03:59:09 -03:00 · 2016-07-16 03:59:09 -03:00 · 811f4dc272
parent bc66d74f73 35a968652a
commit 811f4dc272
6 changed files with 92 additions and 14 deletions
--- a/server/controllers/user/login.php
+++ b/server/controllers/user/login.php
@ -5,7 +5,8 @@ class LoginController extends Controller {

    private $userInstance;
    private $session;
-    
+    private $rememberToken;
+
    public function validations() {
        return [
            'permission' => 'any',
@ -19,8 +20,9 @@ class LoginController extends Controller {
            return;
        }

-        if ($this->areCredentialsValid()) {
+        if ($this->areCredentialsValid() || $this->isRememberTokenValid()) {
            $this->createUserSession();
+            $this->createSessionCookie();

            Response::respondSuccess($this->getUserData());
        } else {
@ -36,6 +38,20 @@ class LoginController extends Controller {
        return ($this->getUserByInputCredentials() !== null);
    }

+    private function isRememberTokenValid() {
+        $rememberToken = Controller::request('rememberToken');
+
+        if ($rememberToken) {
+            $sessionCookie = SessionCookie::getDataStore($rememberToken, 'token');
+            $userid = Controller::request('userId');
+
+            if ($sessionCookie !== null && $userid === $sessionCookie->user->id) {
+                $this->userInstance = $sessionCookie->user;
+                return true;
+            }
+        }
+    }
+
    private function createUserSession() {
        $this->getSession()->createSession($this->userInstance->id);
    }
@ -46,7 +62,8 @@ class LoginController extends Controller {
        return array(
            'userId' => $userInstance->id,
            'userEmail' => $userInstance->email,
-            'token' => $this->getSession()->getToken()
+            'token' => $this->getSession()->getToken(),
+            'rememberToken' => $this->rememberToken
        );
    }

@ -68,4 +85,19 @@ class LoginController extends Controller {

        return $this->session;
    }
+    private function createSessionCookie(){
+        $remember =  Controller::request('remember');
+        if ($remember) {
+            $this->rememberToken = Hashing::generateRandomToken();
+
+            $sessionCookie = new SessionCookie();
+            $sessionCookie->setProperties(array(
+                'user' => $this->userInstance->getBeanInstance(),
+                'token' => $this->rememberToken,
+                'ip' => $_SERVER['REMOTE_ADDR'],
+                'creationDate' =>  date('d-m-Y (H:i:s)')
+            ));
+            $sessionCookie->store();
+        }
+    }
 }
--- a/server/libs/Hashing.php
+++ b/server/libs/Hashing.php
@ -7,4 +7,7 @@ class Hashing {
    public static function verifyPassword($password, $hash) {
        return password_verify($password, $hash);
    }
+    public static function generateRandomToken() {
+        return md5(uniqid(rand()));
+    }
 }
--- a/server/models/Session.php
+++ b/server/models/Session.php
@ -65,6 +65,6 @@ class Session {
    }

    private function generateToken() {
-        return md5(uniqid(rand()));
+        return Hashing::generateRandomToken();;
    }
 }
--- a/server/models/SessionCookie.php
+++ b/server/models/SessionCookie.php
@ -0,0 +1,19 @@
+<?php
+
+class SessionCookie extends DataStore {
+    const TABLE = 'sessioncookie';
+
+    public static function getProps() {
+        return array (
+            'user',
+            'token',
+            'ip',
+            'creationDate',
+            'expirationDate'
+        );
+    }
+
+    protected function getDefaultProps() {
+        return array();
+    }
+}
--- a/tests/init.rb
+++ b/tests/init.rb
@ -9,4 +9,5 @@ require './scripts.rb'

 # TESTS
 require './user/signup.rb'
-require './ticket/create.rb'
+require './user/login.rb'
+#require './ticket/create.rb'
--- a/tests/user/login.rb
+++ b/tests/user/login.rb
@ -1,25 +1,48 @@
 describe '/user/login' do
-    before do
-        @loginEmail = 'login@os4.com'
-        @loginPass = 'loginpass'
+    @loginEmail = 'login@os4.com'
+    @loginPass = 'loginpass'

-        Scripts.createUser(@loginEmail, @loginPass)
-    end
+    Scripts.createUser(@loginEmail, @loginPass)

    it 'should fail if password is incorrect' do
        result = request('/user/login', {
            email: @loginEmail,
-            pass: 'some_incorrect_password'
+            password: 'some_incorrect_password'
        })

        (result['status']).should.equal('fail')
    end

-    it 'should login correctly' do
+#    it 'should login correctly' do

+#    end
+
+#    it 'should fail if already logged in' do
+
+#    end
+
+    it 'should return remember token' do
+        request('/user/logout', {})
+        result = request('/user/login', {
+            email: @loginEmail,
+            password: @loginPass,
+            remember: true
+        })
+
+        (result['status']).should.equal('success')
+
+        @rememberToken = result['data']['rememberToken']# falta comproversion
+        @userid = result['data']['userId']
    end

-    it 'should fail if already logged in' do
+    it 'should login with token' do
+        request('/user/logout', {})
+        result = request('/user/login', {
+            rememberToken: @rememberToken,
+            userId: @userid
+        })

+        (result['status']).should.equal('success')
+        (result['data']['userId']).should.equal(@userid)
    end
-end
+end