Sessions: Only show part of the session ID

Igor Scheller 2023-09-18 18:18:33 +02:00
parent c06cb767da
commit 40b93e3d8b
4 changed files with 12 additions and 8 deletions


@ -16,7 +16,7 @@ class SessionFactory extends Factory
public function definition(): array
{
return [
'id' => $this->faker->lexify('??????????'),
'id' => $this->faker->lexify('????????????????????????????????'),
'payload' => $this->faker->text(100),
'user_id' => $this->faker->optional()->passthrough(User::factory()),
];


@ -34,14 +34,14 @@
{% for session in sessions %}
<tr>
<td>
<pre>{{ session['id'] }}</pre>
<pre>{{ session.id[:15] }}&hellip;</pre>
</td>
<td>{{ session.last_activity.format(__('Y-m-d H:i:s')) }}</td>
<td>
{% if session.id != current_session %}
<form action="" enctype="multipart/form-data" method="post">
{{ csrf() }}
{{ f.hidden('id', session.id) }}
{{ f.hidden('id', session.id[:15]) }}
{{ f.submit(
__('form.delete'),
{'name': 'delete', 'btn_type': 'danger', 'size': 'sm', 'icon_left': 'trash'}
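Review bot: The 15-character prefix length is hard-coded twice in this hunk (`session.id[:15]` for the `<pre>` and again for the hidden `id` field) and independently in the controller's `length:15:15` rule and the tests' `Str::substr(..., 0, 15)`; if one of them changes, the delete form silently stops matching any session. Expose the length once (for example a constant on the session model passed into the view) and reference it from the template, the validation rule and the tests. Because the form now submits only the prefix, the full session ID no longer appears anywhere in the page, which is the point of the change; a Twig comment above the `<pre>`, `{# only a prefix is rendered and submitted; never output the full session id #}`, would keep that invariant visible to the next editor.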


@ -307,7 +307,10 @@ class SettingsController extends BaseController
->where('id', '!=', session()->getId());
if ($id != 'all') {
$query = $query->where('id', $id);
$this->validate($request, [
'id' => 'required|alnum|length:15:15',
]);
$query = $query->where('id', 'LIKE', $id . '%');
}
$query->delete();
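Review bot: The prefix match `$query = $query->where('id', 'LIKE', $id . '%');` is safe against LIKE wildcards only because the `alnum` rule directly above rejects `%` and `_`; that dependency should be stated on the line, e.g. `// alnum validation above guarantees $id carries no LIKE wildcards ('%', '_')`, so that a later relaxation of the rule does not quietly widen the match. The `alnum` rule also assumes session IDs consist solely of letters and digits; that holds for PHP's default `session.sid_bits_per_character`, but a value of 6 produces IDs containing `,` and `-`, which this rule would reject, so it is worth confirming against the deployed configuration. The 15 in `length:15:15` duplicates the template's `[:15]` slice and the tests' `Str::substr(..., 0, 15)`, and a shared constant would keep them aligned. The body of sessionsDelete begins and ends outside the hunk, presumably including the per-user scoping of `$query` that the prefix match relies on.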


@ -14,6 +14,7 @@ use Engelsystem\Http\Response;
use Engelsystem\Models\Session as SessionModel;
use Engelsystem\Models\User\License;
use Engelsystem\Models\User\Settings;
use Illuminate\Support\Str;
use PHPUnit\Framework\MockObject\MockObject;
use Symfony\Component\HttpFoundation\Session\Session;
use Engelsystem\Helpers\Authenticator;
@ -595,7 +596,7 @@ class SettingsControllerTest extends ControllerTest
$this->response->expects($this->once())
->method('withView')
->willReturnCallback(function ($view, $data) {
->willReturnCallback(function ($view, $data) {
$this->assertEquals('pages/settings/sessions', $view);
$this->assertArrayHasKey('sessions', $data);
@ -619,7 +620,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', ['http://localhost/settings/sessions'], $this->response);
// Delete old user session
$this->request = $this->request->withParsedBody(['id' => $this->secondSession->id]);
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->secondSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request);
$this->assertHasNotification('settings.sessions.delete_success');
@ -636,7 +637,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', null, $this->response);
// Delete active user session
$this->request = $this->request->withParsedBody(['id' => $this->currentSession->id]);
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->currentSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request);
$this->assertCount(4, SessionModel::all()); // None got deleted
@ -652,7 +653,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', null, $this->response);
// Delete another users session
$this->request = $this->request->withParsedBody(['id' => $this->otherSession->id]);
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->otherSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request);
$this->assertCount(4, SessionModel::all()); // None got deleted