Fix issue #162
Arne1303 committed Jul 25, 2022
1 parent 7c1f9c5 commit a306583
Showing 4 changed files with 60 additions and 0 deletions.
8 changes: 8 additions & 0 deletions migrations/2017_02_11_000000_create_users_table.php
@@ -44,6 +44,14 @@ public function up()
'can_be_impersonated' => 1,
'created_at' => Carbon::now()->toDateTimeString(),
],
[
'name' => 'Different Password User',
'email' => 'different-password-user@test.rocks',
'password' => bcrypt('different-password'),
'is_admin' => 0,
'can_be_impersonated' => 1,
'created_at' => Carbon::now()->toDateTimeString(),
],
[
'name' => 'SuperAdmin',
'email' => 'superadmin@test.rocks',
1 change: 1 addition & 0 deletions phpunit.xml
@@ -17,6 +17,7 @@
<file>tests/BladeDirectivesTest.php</file>
<file>tests/RoutesTest.php</file>
<file>tests/MiddlewareProtectFromImpersonationTest.php</file>
<file>tests/SessionGuardTest.php</file>
</testsuite>
</testsuites>
<filter>
19 changes: 19 additions & 0 deletions src/Guard/SessionGuard.php
@@ -17,6 +17,8 @@ public function quietLogin(Authenticatable $user)
{
$this->updateSession($user->getAuthIdentifier());

$this->updatePasswordHashes($user);

$this->setUser($user);
}

@@ -35,4 +37,21 @@ public function quietLogout()

$this->loggedOut = true;
}

/**
* Removes the stored password hashes from the session.
*
* @param void
* @return void
*/
protected function updatePasswordHashes(Authenticatable $user)
{
// Sort out password hashes stored in session
foreach (array_keys(config('auth.guards')) as $guard) {
$hashName = 'password_hash_' . $guard;
if ($this->session->has($hashName)) {
$this->session->put($hashName, $user->getAuthPassword());
}
}
}
}
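Review bot: `updatePasswordHashes()` overwrites `password_hash_<guard>` for every guard listed in `config('auth.guards')` whose key is present in the session, not just the guard that is performing the quiet login. Where an application runs several session guards backed by different providers, this stores one account's hash under another guard's key, and any check that compares that key with the guard's own user (the key name suggests session invalidation after a password change) then works on the wrong value. Limiting the write to this guard's own key would avoid that, e.g. `$hashName = 'password_hash_' . $this->name;` if the parent class exposes the guard name; the class header is outside the hunk, so that is to be confirmed. The docblock also contradicts the code: it says the hashes are removed and declares `@param void`, while the method replaces them and takes `Authenticatable $user`.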
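--- a/tests/SessionGuardTest.php
+++ b/tests/SessionGuardTest.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace Lab404\Tests;
+
+use Illuminate\Support\Facades\Hash;
+use Lab404\Tests\Stubs\Models\User;
+
+class SessionGuardTest extends TestCase
+{
+/** @var String $guard */
+private $guard;
+
+public function setUp(): void
+{
+parent::setUp();
+$this->guard = 'web';
+}
+
+/** @test */
+public function it_updates_password_hash()
+{
+$hashName = 'password_hash_' . $this->guard;
+$this->app['auth']->guard($this->guard)->loginUsingId('admin@test.rocks');
+$startHash = Hash::make(auth()->user()->password);
+$this->app['auth']->guard($this->guard)->getSession()->put($hashName, $startHash);
+$this->app['auth']->guard($this->guard)->quietLogout();
+$this->app['auth']->guard($this->guard)->quietLogin(
+User::where('email', 'different-password-user@test.rocks')->first()
+);
+$this->assertNotEquals($startHash, $this->app['auth']->guard($this->guard)->getSession()->get($hashName));
+}
+}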
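Review bot: The assertion in `it_updates_password_hash()` proves only that the stored value changed, and `$startHash` is a freshly salted `Hash::make()` of an already hashed password, so it would differ from nearly anything the guard writes. Pinning the exact value is stronger: keep the looked-up user in `$user` and use `$this->assertSame($user->getAuthPassword(), $session->get($hashName));`. A second test in which the key is absent before `quietLogin()` would confirm that the guard does not create it.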
