Skip to content

Commit

Permalink
Fix issue 404labfr#162
Browse files Browse the repository at this point in the history
  • Loading branch information
Arne1303 committed Jul 24, 2022
1 parent 7c1f9c5 commit a4b1a82
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 0 deletions.
1 change: 1 addition & 0 deletions phpunit.xml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
<file>tests/BladeDirectivesTest.php</file>
<file>tests/RoutesTest.php</file>
<file>tests/MiddlewareProtectFromImpersonationTest.php</file>
<file>tests/SessionGuardTest.php</file>
</testsuite>
</testsuites>
<filter>
Expand Down
19 changes: 19 additions & 0 deletions src/Guard/SessionGuard.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,27 @@ public function quietLogout()
{
$this->clearUserDataFromStorage();

$this->clearPasswordHashes();

$this->user = null;

$this->loggedOut = true;
}

/**
* Removes the stored password hashes from the session.
*
* @param void
* @return void
*/
protected function clearPasswordHashes()
{
// Sort out password hashes stored in session
foreach (array_keys(config('auth.guards')) as $guard) {
$hashName = 'password_hash_' . $guard;
if ($this->session->has($hashName)) {
$this->session->remove($hashName);
}
}
}
}
28 changes: 28 additions & 0 deletions tests/SessionGuardTest.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
<?php

namespace Lab404\Tests;

use Lab404\Tests\Stubs\Models\User;

class SessionGuardTest extends TestCase
{
/** @var String $guard */
private $guard;

public function setUp(): void
{
parent::setUp();
$this->guard = 'web';
}

/** @test */
public function it_removes_password_hash_from_session()
{
$hashName = 'password_hash_' . $this->guard;
$this->app['auth']->guard($this->guard)->loginUsingId('[email protected]');
$this->app['auth']->guard($this->guard)->getSession()->put($hashName, 'test_hash');
$this->app['auth']->guard($this->guard)->quietLogout();
$this->assertFalse($this->app['auth']->guard($this->guard)->check());
$this->assertFalse($this->app['auth']->guard($this->guard)->getSession()->has($hashName));
}
}

0 comments on commit a4b1a82

Please sign in to comment.