Sessions: Only show part of the session ID

Igor Scheller 2023-09-18 18:18:33 +02:00
parent c06cb767da
commit 40b93e3d8b
4 changed files with 12 additions and 8 deletions


@ -16,7 +16,7 @@ class SessionFactory extends Factory
public function definition(): array public function definition(): array
{ {
return [ return [
'id' => $this->faker->lexify('??????????'), 'id' => $this->faker->lexify('????????????????????????????????'),
'payload' => $this->faker->text(100), 'payload' => $this->faker->text(100),
'user_id' => $this->faker->optional()->passthrough(User::factory()), 'user_id' => $this->faker->optional()->passthrough(User::factory()),
]; ];


@ -34,14 +34,14 @@
{% for session in sessions %} {% for session in sessions %}
<tr> <tr>
<td> <td>
<pre>{{ session['id'] }}</pre> <pre>{{ session.id[:15] }}&hellip;</pre>
</td> </td>
<td>{{ session.last_activity.format(__('Y-m-d H:i:s')) }}</td> <td>{{ session.last_activity.format(__('Y-m-d H:i:s')) }}</td>
<td> <td>
{% if session.id != current_session %} {% if session.id != current_session %}
<form action="" enctype="multipart/form-data" method="post"> <form action="" enctype="multipart/form-data" method="post">
{{ csrf() }} {{ csrf() }}
{{ f.hidden('id', session.id) }} {{ f.hidden('id', session.id[:15]) }}
{{ f.submit( {{ f.submit(
__('form.delete'), __('form.delete'),
{'name': 'delete', 'btn_type': 'danger', 'size': 'sm', 'icon_left': 'trash'} {'name': 'delete', 'btn_type': 'danger', 'size': 'sm', 'icon_left': 'trash'}
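Review bot: The prefix length 15 is hard-coded here in `session.id[:15]` (lines 26 and 33) and again in the controller's `length:15:15` rule and in the tests' `Str::substr(..., 0, 15)`; if one of these is changed alone, the hidden field stops passing validation and every session delete silently fails. Consider deriving the length from a single value on the controller (e.g. a class constant named along the lines of `SESSION_ID_PREFIX_LENGTH`, name constructed) that is passed into the view, so the template slices with `session.id[:prefix_length]` and the rule and tests read the same constant. Both the `{% for %}` loop and the `<form>` continue outside the hunk.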


@ -307,7 +307,10 @@ class SettingsController extends BaseController
->where('id', '!=', session()->getId()); ->where('id', '!=', session()->getId());
if ($id != 'all') { if ($id != 'all') {
$query = $query->where('id', $id); $this->validate($request, [
'id' => 'required|alnum|length:15:15',
]);
$query = $query->where('id', 'LIKE', $id . '%');
} }
$query->delete(); $query->delete();
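Review bot: The prefix match `$query->where('id', 'LIKE', $id . '%')` on line 46 is only as narrow as the `alnum` rule on line 44 makes it, because `alnum` is what keeps `%` and `_` out of the pattern, and that dependency is not stated anywhere; a comment above the `where` such as `// alnum above guarantees $id carries no LIKE wildcards, so the match cannot widen beyond the 15-char prefix` would stop a later relaxation of the rule from quietly turning this into a broader delete. The rule also assumes session IDs are purely alphanumeric; PHP's native ID generator emits `-` and `,` when `session.sid_bits_per_character` is 6, so if this installation's handler ever produces such IDs the validation would reject legitimate deletes — worth confirming against the session storage in use. A prefix match can in principle hit more than one row, though for a per-user query over 15 alphanumeric characters the overlap is negligible. The enclosing method and the construction of `$query` start outside the hunk.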


@ -14,6 +14,7 @@ use Engelsystem\Http\Response;
use Engelsystem\Models\Session as SessionModel; use Engelsystem\Models\Session as SessionModel;
use Engelsystem\Models\User\License; use Engelsystem\Models\User\License;
use Engelsystem\Models\User\Settings; use Engelsystem\Models\User\Settings;
use Illuminate\Support\Str;
use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\MockObject\MockObject;
use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\HttpFoundation\Session\Session;
use Engelsystem\Helpers\Authenticator; use Engelsystem\Helpers\Authenticator;
@ -595,7 +596,7 @@ class SettingsControllerTest extends ControllerTest
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
->willReturnCallback(function ($view, $data) { ->willReturnCallback(function ($view, $data) {
$this->assertEquals('pages/settings/sessions', $view); $this->assertEquals('pages/settings/sessions', $view);
$this->assertArrayHasKey('sessions', $data); $this->assertArrayHasKey('sessions', $data);
@ -619,7 +620,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', ['http://localhost/settings/sessions'], $this->response); $this->setExpects($this->response, 'redirectTo', ['http://localhost/settings/sessions'], $this->response);
// Delete old user session // Delete old user session
$this->request = $this->request->withParsedBody(['id' => $this->secondSession->id]); $this->request = $this->request->withParsedBody(['id' => Str::substr($this->secondSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request); $this->controller->sessionsDelete($this->request);
$this->assertHasNotification('settings.sessions.delete_success'); $this->assertHasNotification('settings.sessions.delete_success');
@ -636,7 +637,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', null, $this->response); $this->setExpects($this->response, 'redirectTo', null, $this->response);
// Delete active user session // Delete active user session
$this->request = $this->request->withParsedBody(['id' => $this->currentSession->id]); $this->request = $this->request->withParsedBody(['id' => Str::substr($this->currentSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request); $this->controller->sessionsDelete($this->request);
$this->assertCount(4, SessionModel::all()); // None got deleted $this->assertCount(4, SessionModel::all()); // None got deleted
@ -652,7 +653,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', null, $this->response); $this->setExpects($this->response, 'redirectTo', null, $this->response);
// Delete another users session // Delete another users session
$this->request = $this->request->withParsedBody(['id' => $this->otherSession->id]); $this->request = $this->request->withParsedBody(['id' => Str::substr($this->otherSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request); $this->controller->sessionsDelete($this->request);
$this->assertCount(4, SessionModel::all()); // None got deleted $this->assertCount(4, SessionModel::all()); // None got deleted