Fix duplicate session token after remembered login

On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2017-09-18 10:33:19 +02:00
parent 6859e5a22a
commit 85c18f5980
No known key found for this signature in database
GPG Key ID: CC42AC2A7F0E56D8
2 changed files with 9 additions and 0 deletions

View File

@ -195,6 +195,7 @@ class DefaultTokenProvider implements IProvider {
$newToken->setRemember($token->getRemember());
$newToken->setLastActivity($this->time->getTime());
$this->mapper->insert($newToken);
$this->mapper->delete($token);
}
/**

View File

@ -318,6 +318,10 @@ class DefaultTokenProviderTest extends TestCase {
->expects($this->at(1))
->method('insert')
->with($newToken);
$this->mapper
->expects($this->at(2))
->method('delete')
->with($token);
$this->tokenProvider->renewSessionToken('oldId', 'newId');
}
@ -384,6 +388,10 @@ class DefaultTokenProviderTest extends TestCase {
->expects($this->at(1))
->method('insert')
->with($this->equalTo($newToken));
$this->mapper
->expects($this->at(2))
->method('delete')
->with($token);
$this->tokenProvider->renewSessionToken('oldId', 'newId');
}