Merge pull request #18482 from owncloud/encrypt-session-data
Add a session wrapper to encrypt the data before storing it on disk
This commit is contained in:
commit
b3495a1dc9
5
cron.php
5
cron.php
|
@ -52,7 +52,10 @@ try {
|
||||||
\OC::$server->getSession()->close();
|
\OC::$server->getSession()->close();
|
||||||
|
|
||||||
// initialize a dummy memory session
|
// initialize a dummy memory session
|
||||||
\OC::$server->setSession(new \OC\Session\Memory(''));
|
$session = new \OC\Session\Memory('');
|
||||||
|
$cryptoWrapper = \OC::$server->getSessionCryptoWrapper();
|
||||||
|
$session = $cryptoWrapper->wrapSession($session);
|
||||||
|
\OC::$server->setSession($session);
|
||||||
|
|
||||||
$logger = \OC::$server->getLogger();
|
$logger = \OC::$server->getLogger();
|
||||||
|
|
||||||
|
|
12
lib/base.php
12
lib/base.php
|
@ -452,13 +452,15 @@ class OC {
|
||||||
$useCustomSession = false;
|
$useCustomSession = false;
|
||||||
$session = self::$server->getSession();
|
$session = self::$server->getSession();
|
||||||
OC_Hook::emit('OC', 'initSession', array('session' => &$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
|
OC_Hook::emit('OC', 'initSession', array('session' => &$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
|
||||||
if($useCustomSession) {
|
if (!$useCustomSession) {
|
||||||
// use the session reference as the new Session
|
|
||||||
self::$server->setSession($session);
|
|
||||||
} else {
|
|
||||||
// set the session name to the instance id - which is unique
|
// set the session name to the instance id - which is unique
|
||||||
self::$server->setSession(new \OC\Session\Internal($sessionName));
|
$session = new \OC\Session\Internal($sessionName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$cryptoWrapper = \OC::$server->getSessionCryptoWrapper();
|
||||||
|
$session = $cryptoWrapper->wrapSession($session);
|
||||||
|
self::$server->setSession($session);
|
||||||
|
|
||||||
// if session cant be started break with http 500 error
|
// if session cant be started break with http 500 error
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
\OCP\Util::logException('base', $e);
|
\OCP\Util::logException('base', $e);
|
||||||
|
|
|
@ -40,6 +40,7 @@ use bantu\IniGetWrapper\IniGetWrapper;
|
||||||
use OC\AppFramework\Http\Request;
|
use OC\AppFramework\Http\Request;
|
||||||
use OC\AppFramework\Db\Db;
|
use OC\AppFramework\Db\Db;
|
||||||
use OC\AppFramework\Utility\SimpleContainer;
|
use OC\AppFramework\Utility\SimpleContainer;
|
||||||
|
use OC\AppFramework\Utility\TimeFactory;
|
||||||
use OC\Command\AsyncBus;
|
use OC\Command\AsyncBus;
|
||||||
use OC\Diagnostics\EventLogger;
|
use OC\Diagnostics\EventLogger;
|
||||||
use OC\Diagnostics\NullEventLogger;
|
use OC\Diagnostics\NullEventLogger;
|
||||||
|
@ -56,6 +57,7 @@ use OC\Security\Crypto;
|
||||||
use OC\Security\Hasher;
|
use OC\Security\Hasher;
|
||||||
use OC\Security\SecureRandom;
|
use OC\Security\SecureRandom;
|
||||||
use OC\Security\TrustedDomainHelper;
|
use OC\Security\TrustedDomainHelper;
|
||||||
|
use OC\Session\CryptoWrapper;
|
||||||
use OC\Tagging\TagMapper;
|
use OC\Tagging\TagMapper;
|
||||||
use OCP\IServerContainer;
|
use OCP\IServerContainer;
|
||||||
use Symfony\Component\EventDispatcher\EventDispatcher;
|
use Symfony\Component\EventDispatcher\EventDispatcher;
|
||||||
|
@ -159,7 +161,12 @@ class Server extends SimpleContainer implements IServerContainer {
|
||||||
});
|
});
|
||||||
$this->registerService('UserSession', function (Server $c) {
|
$this->registerService('UserSession', function (Server $c) {
|
||||||
$manager = $c->getUserManager();
|
$manager = $c->getUserManager();
|
||||||
$userSession = new \OC\User\Session($manager, new \OC\Session\Memory(''));
|
|
||||||
|
$session = new \OC\Session\Memory('');
|
||||||
|
$cryptoWrapper = $c->getSessionCryptoWrapper();
|
||||||
|
$session = $cryptoWrapper->wrapSession($session);
|
||||||
|
|
||||||
|
$userSession = new \OC\User\Session($manager, $session);
|
||||||
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
|
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
|
||||||
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
|
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
|
||||||
});
|
});
|
||||||
|
@ -462,6 +469,31 @@ class Server extends SimpleContainer implements IServerContainer {
|
||||||
$this->registerService('EventDispatcher', function() {
|
$this->registerService('EventDispatcher', function() {
|
||||||
return new EventDispatcher();
|
return new EventDispatcher();
|
||||||
});
|
});
|
||||||
|
$this->registerService('CryptoWrapper', function (Server $c) {
|
||||||
|
// FIXME: Instantiiated here due to cyclic dependency
|
||||||
|
$request = new Request(
|
||||||
|
[
|
||||||
|
'get' => $_GET,
|
||||||
|
'post' => $_POST,
|
||||||
|
'files' => $_FILES,
|
||||||
|
'server' => $_SERVER,
|
||||||
|
'env' => $_ENV,
|
||||||
|
'cookies' => $_COOKIE,
|
||||||
|
'method' => (isset($_SERVER) && isset($_SERVER['REQUEST_METHOD']))
|
||||||
|
? $_SERVER['REQUEST_METHOD']
|
||||||
|
: null,
|
||||||
|
],
|
||||||
|
new SecureRandom(),
|
||||||
|
$c->getConfig()
|
||||||
|
);
|
||||||
|
|
||||||
|
return new CryptoWrapper(
|
||||||
|
$c->getConfig(),
|
||||||
|
$c->getCrypto(),
|
||||||
|
$c->getSecureRandom(),
|
||||||
|
$request
|
||||||
|
);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -977,4 +1009,11 @@ class Server extends SimpleContainer implements IServerContainer {
|
||||||
public function getEventDispatcher() {
|
public function getEventDispatcher() {
|
||||||
return $this->query('EventDispatcher');
|
return $this->query('EventDispatcher');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return \OC\Session\CryptoWrapper
|
||||||
|
*/
|
||||||
|
public function getSessionCryptoWrapper() {
|
||||||
|
return $this->query('CryptoWrapper');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,147 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @author Joas Schilling <nickvergessen@owncloud.com>
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||||
|
* @license AGPL-3.0
|
||||||
|
*
|
||||||
|
* This code is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License, version 3,
|
||||||
|
* as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OC\Session;
|
||||||
|
|
||||||
|
use OCP\ISession;
|
||||||
|
use OCP\Security\ICrypto;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class CryptoSessionData
|
||||||
|
*
|
||||||
|
* @package OC\Session
|
||||||
|
*/
|
||||||
|
class CryptoSessionData implements \ArrayAccess, ISession {
|
||||||
|
/** @var ISession */
|
||||||
|
protected $session;
|
||||||
|
|
||||||
|
/** @var \OCP\Security\ICrypto */
|
||||||
|
protected $crypto;
|
||||||
|
|
||||||
|
/** @var string */
|
||||||
|
protected $passphrase;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param ISession $session
|
||||||
|
* @param ICrypto $crypto
|
||||||
|
* @param string $passphrase
|
||||||
|
*/
|
||||||
|
public function __construct(ISession $session, ICrypto $crypto, $passphrase) {
|
||||||
|
$this->crypto = $crypto;
|
||||||
|
$this->session = $session;
|
||||||
|
$this->passphrase = $passphrase;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set a value in the session
|
||||||
|
*
|
||||||
|
* @param string $key
|
||||||
|
* @param mixed $value
|
||||||
|
*/
|
||||||
|
public function set($key, $value) {
|
||||||
|
$encryptedValue = $this->crypto->encrypt(json_encode($value), $this->passphrase);
|
||||||
|
$this->session->set($key, $encryptedValue);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get a value from the session
|
||||||
|
*
|
||||||
|
* @param string $key
|
||||||
|
* @return string|null Either the value or null
|
||||||
|
*/
|
||||||
|
public function get($key) {
|
||||||
|
$encryptedValue = $this->session->get($key);
|
||||||
|
if ($encryptedValue === null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$value = $this->crypto->decrypt($encryptedValue, $this->passphrase);
|
||||||
|
return json_decode($value);
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if a named key exists in the session
|
||||||
|
*
|
||||||
|
* @param string $key
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function exists($key) {
|
||||||
|
return $this->session->exists($key);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Remove a $key/$value pair from the session
|
||||||
|
*
|
||||||
|
* @param string $key
|
||||||
|
*/
|
||||||
|
public function remove($key) {
|
||||||
|
$this->session->remove($key);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reset and recreate the session
|
||||||
|
*/
|
||||||
|
public function clear() {
|
||||||
|
$this->session->clear();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Close the session and release the lock
|
||||||
|
*/
|
||||||
|
public function close() {
|
||||||
|
$this->session->close();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param mixed $offset
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function offsetExists($offset) {
|
||||||
|
return $this->exists($offset);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param mixed $offset
|
||||||
|
* @return mixed
|
||||||
|
*/
|
||||||
|
public function offsetGet($offset) {
|
||||||
|
return $this->get($offset);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param mixed $offset
|
||||||
|
* @param mixed $value
|
||||||
|
*/
|
||||||
|
public function offsetSet($offset, $value) {
|
||||||
|
$this->set($offset, $value);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param mixed $offset
|
||||||
|
*/
|
||||||
|
public function offsetUnset($offset) {
|
||||||
|
$this->remove($offset);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,96 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @author Joas Schilling <nickvergessen@owncloud.com>
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||||
|
* @license AGPL-3.0
|
||||||
|
*
|
||||||
|
* This code is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License, version 3,
|
||||||
|
* as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OC\Session;
|
||||||
|
|
||||||
|
use OCP\AppFramework\Utility\ITimeFactory;
|
||||||
|
use OCP\IConfig;
|
||||||
|
use OCP\IRequest;
|
||||||
|
use OCP\ISession;
|
||||||
|
use OCP\Security\ICrypto;
|
||||||
|
use OCP\Security\ISecureRandom;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class CryptoWrapper provides some rough basic level of additional security by
|
||||||
|
* storing the session data in an encrypted form.
|
||||||
|
*
|
||||||
|
* The content of the session is encrypted using another cookie sent by the browser.
|
||||||
|
* One should note that an adversary with access to the source code or the system
|
||||||
|
* memory is still able to read the original session ID from the users' request.
|
||||||
|
* This thus can not be considered a strong security measure one should consider
|
||||||
|
* it as an additional small security obfuscation layer to comply with compliance
|
||||||
|
* guidelines.
|
||||||
|
*
|
||||||
|
* TODO: Remove this in a future relase with an approach such as
|
||||||
|
* https://github.com/owncloud/core/pull/17866
|
||||||
|
*
|
||||||
|
* @package OC\Session
|
||||||
|
*/
|
||||||
|
class CryptoWrapper {
|
||||||
|
const COOKIE_NAME = 'oc_sessionPassphrase';
|
||||||
|
|
||||||
|
/** @var ISession */
|
||||||
|
protected $session;
|
||||||
|
|
||||||
|
/** @var \OCP\Security\ICrypto */
|
||||||
|
protected $crypto;
|
||||||
|
|
||||||
|
/** @var ISecureRandom */
|
||||||
|
protected $random;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param IConfig $config
|
||||||
|
* @param ICrypto $crypto
|
||||||
|
* @param ISecureRandom $random
|
||||||
|
* @param IRequest $request
|
||||||
|
*/
|
||||||
|
public function __construct(IConfig $config,
|
||||||
|
ICrypto $crypto,
|
||||||
|
ISecureRandom $random,
|
||||||
|
IRequest $request) {
|
||||||
|
$this->crypto = $crypto;
|
||||||
|
$this->config = $config;
|
||||||
|
$this->random = $random;
|
||||||
|
|
||||||
|
if (!is_null($request->getCookie(self::COOKIE_NAME))) {
|
||||||
|
$this->passphrase = $request->getCookie(self::COOKIE_NAME);
|
||||||
|
} else {
|
||||||
|
$this->passphrase = $this->random->getMediumStrengthGenerator()->generate(128);
|
||||||
|
$secureCookie = $request->getServerProtocol() === 'https';
|
||||||
|
// FIXME: Required for CI
|
||||||
|
if (!defined('PHPUNIT_RUN')) {
|
||||||
|
setcookie(self::COOKIE_NAME, $this->passphrase, 0, \OC::$WEBROOT, '', $secureCookie, true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param ISession $session
|
||||||
|
* @return ISession
|
||||||
|
*/
|
||||||
|
public function wrapSession(ISession $session) {
|
||||||
|
if (!($session instanceof CryptoSessionData)) {
|
||||||
|
return new CryptoSessionData($session, $this->crypto, $this->passphrase);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $session;
|
||||||
|
}
|
||||||
|
}
|
|
@ -56,6 +56,7 @@ class Server extends \Test\TestCase {
|
||||||
['ContactsManager', '\OCP\Contacts\IManager'],
|
['ContactsManager', '\OCP\Contacts\IManager'],
|
||||||
['Crypto', '\OC\Security\Crypto'],
|
['Crypto', '\OC\Security\Crypto'],
|
||||||
['Crypto', '\OCP\Security\ICrypto'],
|
['Crypto', '\OCP\Security\ICrypto'],
|
||||||
|
['CryptoWrapper', '\OC\Session\CryptoWrapper'],
|
||||||
|
|
||||||
['DatabaseConnection', '\OC\DB\Connection'],
|
['DatabaseConnection', '\OC\DB\Connection'],
|
||||||
['DatabaseConnection', '\OCP\IDBConnection'],
|
['DatabaseConnection', '\OCP\IDBConnection'],
|
||||||
|
|
|
@ -0,0 +1,53 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @author Joas Schilling <nickvergessen@owncloud.com>
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||||
|
* @license AGPL-3.0
|
||||||
|
*
|
||||||
|
* This code is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License, version 3,
|
||||||
|
* as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Test\Session;
|
||||||
|
|
||||||
|
use OC\Session\CryptoSessionData;
|
||||||
|
|
||||||
|
class CryptoSessionDataTest extends Session {
|
||||||
|
/** @var \PHPUnit_Framework_MockObject_MockObject|\OCP\Security\ICrypto */
|
||||||
|
protected $crypto;
|
||||||
|
|
||||||
|
/** @var \OCP\ISession */
|
||||||
|
protected $wrappedSession;
|
||||||
|
|
||||||
|
protected function setUp() {
|
||||||
|
parent::setUp();
|
||||||
|
|
||||||
|
$this->wrappedSession = new \OC\Session\Memory($this->getUniqueID());
|
||||||
|
$this->crypto = $this->getMockBuilder('OCP\Security\ICrypto')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->crypto->expects($this->any())
|
||||||
|
->method('encrypt')
|
||||||
|
->willReturnCallback(function ($input) {
|
||||||
|
return '#' . $input . '#';
|
||||||
|
});
|
||||||
|
$this->crypto->expects($this->any())
|
||||||
|
->method('decrypt')
|
||||||
|
->willReturnCallback(function ($input) {
|
||||||
|
return substr($input, 1, -1);
|
||||||
|
});
|
||||||
|
|
||||||
|
$this->instance = new CryptoSessionData($this->wrappedSession, $this->crypto, 'PASS');
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,82 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @author Joas Schilling <nickvergessen@owncloud.com>
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||||
|
* @license AGPL-3.0
|
||||||
|
*
|
||||||
|
* This code is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License, version 3,
|
||||||
|
* as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Test\Session;
|
||||||
|
|
||||||
|
use OC\Session\CryptoSessionData;
|
||||||
|
use Test\TestCase;
|
||||||
|
|
||||||
|
class CryptoWrappingTest extends TestCase {
|
||||||
|
/** @var \PHPUnit_Framework_MockObject_MockObject|\OCP\Security\ICrypto */
|
||||||
|
protected $crypto;
|
||||||
|
|
||||||
|
/** @var \PHPUnit_Framework_MockObject_MockObject|\OCP\ISession */
|
||||||
|
protected $wrappedSession;
|
||||||
|
|
||||||
|
/** @var \OC\Session\CryptoSessionData */
|
||||||
|
protected $instance;
|
||||||
|
|
||||||
|
protected function setUp() {
|
||||||
|
parent::setUp();
|
||||||
|
|
||||||
|
$this->wrappedSession = $this->getMockBuilder('OCP\ISession')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->crypto = $this->getMockBuilder('OCP\Security\ICrypto')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->crypto->expects($this->any())
|
||||||
|
->method('encrypt')
|
||||||
|
->willReturnCallback(function ($input) {
|
||||||
|
return $input;
|
||||||
|
});
|
||||||
|
$this->crypto->expects($this->any())
|
||||||
|
->method('decrypt')
|
||||||
|
->willReturnCallback(function ($input) {
|
||||||
|
return substr($input, 1, -1);
|
||||||
|
});
|
||||||
|
|
||||||
|
$this->instance = new CryptoSessionData($this->wrappedSession, $this->crypto, 'PASS');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testWrappingSet() {
|
||||||
|
$unencryptedValue = 'foobar';
|
||||||
|
|
||||||
|
$this->wrappedSession->expects($this->once())
|
||||||
|
->method('set')
|
||||||
|
->with('key', $this->crypto->encrypt(json_encode($unencryptedValue)));
|
||||||
|
$this->instance->set('key', $unencryptedValue);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testUnwrappingGet() {
|
||||||
|
$unencryptedValue = 'foobar';
|
||||||
|
$encryptedValue = $this->crypto->encrypt($unencryptedValue);
|
||||||
|
|
||||||
|
$this->wrappedSession->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('key')
|
||||||
|
->willReturnCallback(function () use ($encryptedValue) {
|
||||||
|
return $encryptedValue;
|
||||||
|
});
|
||||||
|
|
||||||
|
$this->assertSame($unencryptedValue, $this->wrappedSession->get('key'));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue