incubator-zeta-commits mailing list archives

From jero...@apache.org
Subject [zeta-commits] svn commit: r1145100 - in /incubator/zetacomponents/trunk/Authentication: src/options/session_options.php src/session/authentication_session.php tests/session/session_test.php
Date Mon, 11 Jul 2011 10:01:16 GMT
Author: jeromer
Date: Mon Jul 11 10:01:16 2011
New Revision: 1145100

URL: http://svn.apache.org/viewvc?rev=1145100&view=rev
Log:
- Fixed #ZETACOMP-81: user inactivity should be supported

Modified:
    incubator/zetacomponents/trunk/Authentication/src/options/session_options.php
    incubator/zetacomponents/trunk/Authentication/src/session/authentication_session.php
    incubator/zetacomponents/trunk/Authentication/tests/session/session_test.php

Modified: incubator/zetacomponents/trunk/Authentication/src/options/session_options.php
URL: http://svn.apache.org/viewvc/incubator/zetacomponents/trunk/Authentication/src/options/session_options.php?rev=1145100&r1=1145099&r2=1145100&view=diff
==============================================================================
--- incubator/zetacomponents/trunk/Authentication/src/options/session_options.php (original)
+++ incubator/zetacomponents/trunk/Authentication/src/options/session_options.php Mon Jul
11 10:01:16 2011
@@ -32,9 +32,11 @@
  * <code>
  * // create an options object
  * $options = new ezcAuthenticationSessionOptions();
- * $options->validity = 60;
+ * $options->validity = 3600;
+ * $options->idleTimeout = 600;
  * $options->idKey = 'xxx';
  * $options->timestampKey = 'yyy';
+ * $options->lastActivityTimestampKey = 'zzz';
  *
  * // use the options object when creating a new Session object
  * $filter = new ezcAuthenticationSession( $options );
@@ -45,12 +47,16 @@
  * </code>
  *
  * @property int $validity
+ *           The maximal amount of seconds the session is valid.
+ * @property int $idleTimeout
  *           The amount of seconds the session can be idle.
  * @property string $idKey
  *           The key to use in $_SESSION to hold the user ID of the user who is
  *           logged in.
  * @property string $timestampKey
  *           The key to use in $_SESSION to hold the authentication timestamp.
+ * @property string $lastActivityTimestampKey
+ *           The key to use in $_SESSION to hold the last activity timestamp.
  *
  * @package Authentication
  * @version //autogen//
@@ -69,8 +75,10 @@ class ezcAuthenticationSessionOptions ex
     public function __construct( array $options = array() )
     {
         $this->validity = 1200; // seconds
+        $this->idleTimeout = 600;
         $this->idKey = 'ezcAuth_id';
         $this->timestampKey = 'ezcAuth_timestamp';
+        $this->lastActivityTimestampKey = 'ezcAuth_lastActivityTimestamp';
 
         parent::__construct( $options );
     }
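Review bot: The new default `$this->idleTimeout = 600;` applies to every existing caller that never sets the option. After upgrading, a session that previously lived for the full 1200-second `validity` is now expired after 10 minutes without a request. That behaviour change should be stated in the class docblock and the changelog. The line should also carry the unit like the one above it: `$this->idleTimeout = 600; // seconds`.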
@@ -91,6 +99,7 @@ class ezcAuthenticationSessionOptions ex
         switch ( $name )
         {
             case 'validity':
+            case 'idleTimeout':
                 if ( !is_numeric( $value ) || ( $value < 1 ) )
                 {
                     throw new ezcBaseValueException( $name, $value, 'int >= 1' );
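Review bot: The shared check now guarding `idleTimeout` accepts anything `is_numeric()` allows, including floats and numeric strings such as `'1.5'`, while the property is documented as `int` and the exception text promises `'int >= 1'`. For a security timeout, the stored value should be an integer. If integer-like strings must remain accepted, normalise before storing with something like `$value = (int) $value;` after the check, or tighten the check to `!is_int( $value ) || $value < 1`. The rest of this `case` body lies outside the hunk, so a later cast may already exist there.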
@@ -100,6 +109,7 @@ class ezcAuthenticationSessionOptions ex
 
             case 'idKey':
             case 'timestampKey':
+            case 'lastActivityTimestampKey':
                 if ( !is_string( $value ) )
                 {
                     throw new ezcBaseValueException( $name, $value, 'string' );
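Review bot: The setter checks `lastActivityTimestampKey` only for type, so it can be set to the same string as `timestampKey` or `idKey`. If it equals `timestampKey`, every successful run() would overwrite the authentication timestamp with the activity stamp, and the absolute `validity` limit would become a sliding one. Consider rejecting an empty string here and documenting on the property that the three keys must be distinct, or checking that where the options are consumed. The switch continues outside the hunk.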

Modified: incubator/zetacomponents/trunk/Authentication/src/session/authentication_session.php
URL: http://svn.apache.org/viewvc/incubator/zetacomponents/trunk/Authentication/src/session/authentication_session.php?rev=1145100&r1=1145099&r2=1145100&view=diff
==============================================================================
--- incubator/zetacomponents/trunk/Authentication/src/session/authentication_session.php (original)
+++ incubator/zetacomponents/trunk/Authentication/src/session/authentication_session.php Mon
Jul 11 10:01:16 2011
@@ -9,9 +9,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- * 
+ *
  *   http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -106,7 +106,7 @@ class ezcAuthenticationSession
 
     /**
      * Options for authentication filters.
-     * 
+     *
      * @var ezcAuthenticationFilterOptions
      */
     protected $options;
@@ -130,18 +130,35 @@ class ezcAuthenticationSession
     public function run( $credentials )
     {
         $this->start();
-        if ( isset( $_SESSION[$this->options->timestampKey] ) && 
-             time() - $_SESSION[$this->options->timestampKey] >= $this->options->validity
+
+        $now = $_SERVER["REQUEST_TIME"];
+
+        // inactivity
+        if ( isset( $_SESSION[$this->options->lastActivityTimestampKey] ) &&
+             $now - $_SESSION[$this->options->lastActivityTimestampKey] >= $this->options->idleTimeout
            )
         {
             $this->destroy();
             $this->regenerateId();
             return self::STATUS_EXPIRED;
         }
+
+        // max session timeout
+        if ( isset( $_SESSION[$this->options->timestampKey] ) &&
+             $now - $_SESSION[$this->options->timestampKey] >= $this->options->validity
+           )
+        {
+            $this->destroy();
+            $this->regenerateId();
+            return self::STATUS_EXPIRED;
+        }
+
         if ( $this->load() !== null )
         {
+            $_SESSION[$this->options->lastActivityTimestampKey] = time();
             return self::STATUS_OK;
         }
+
         return self::STATUS_EMPTY;
     }
 
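Review bot: run() measures expiry against `$_SERVER["REQUEST_TIME"]` but writes the activity stamp with `time()`, as does save() in the next hunk for both stamps. In a long-lived process (CLI worker, test runner), REQUEST_TIME stays at script start, so `$now - $_SESSION[...]` shrinks or goes negative and neither timeout fires. Use one clock on both sides: `$now = time();` and `$_SESSION[$this->options->lastActivityTimestampKey] = $now;`. Both checks are also skipped when their key is missing from `$_SESSION`, so a session holding an id but no timestamps never expires; consider treating that state as expired. The two identical destroy/regenerate/return blocks could be merged into one condition.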
@@ -242,6 +259,7 @@ class ezcAuthenticationSession
     {
         $_SESSION[$this->options->idKey] = $data;
         $_SESSION[$this->options->timestampKey] = time();
+        $_SESSION[$this->options->lastActivityTimestampKey] = time();
     }
 
     /**
@@ -251,8 +269,9 @@ class ezcAuthenticationSession
     {
         unset( $_SESSION[$this->options->idKey] );
         unset( $_SESSION[$this->options->timestampKey] );
+        unset( $_SESSION[$this->options->lastActivityTimestampKey] );
     }
-    
+
     /**
      * Regenerates the session ID.
      */

Modified: incubator/zetacomponents/trunk/Authentication/tests/session/session_test.php
URL: http://svn.apache.org/viewvc/incubator/zetacomponents/trunk/Authentication/tests/session/session_test.php?rev=1145100&r1=1145099&r2=1145100&view=diff
==============================================================================
--- incubator/zetacomponents/trunk/Authentication/tests/session/session_test.php (original)
+++ incubator/zetacomponents/trunk/Authentication/tests/session/session_test.php Mon Jul 11
10:01:16 2011
@@ -37,6 +37,7 @@ class ezcAuthenticationSessionTest exten
     public static $id = 'john.doe';
     public static $idKey = 'ezcAuth_id';
     public static $timestampKey = 'ezcAuth_timestamp';
+    public static $lastActivityTimestampKey = 'ezcAuth_lastActivityTimestamp';
 
     public static function suite()
     {
@@ -153,12 +154,40 @@ class ezcAuthenticationSessionTest exten
         $this->assertEquals( false, isset( $_SESSION[self::$idKey] ) );
     }
 
+    public function testSessionIsValidIdleTimeout()
+    {
+        $_SESSION[self::$lastActivityTimestampKey] = time();
+        $_SESSION[self::$idKey] = self::$id;
+        $credentials = new ezcAuthenticationIdCredentials( self::$id );
+
+        $options = new ezcAuthenticationSessionOptions();
+        $options->validity = 3;
+        $options->idleTimeout = 1;
+        $session = new ezcAuthenticationSession( $options );
+        $this->assertEquals( true, $session->isValid( $credentials ) );
+    }
+
+    public function testSessionIsValidIdleTimeoutExpired()
+    {
+        $_SESSION[self::$lastActivityTimestampKey] = time() - 10;
+        $_SESSION[self::$idKey] = self::$id;
+        $credentials = new ezcAuthenticationIdCredentials( self::$id );
+
+        $options = new ezcAuthenticationSessionOptions();
+        $options->validity = 100;
+        $options->idleTimeout = 5;
+        $session = new ezcAuthenticationSession( $options );
+        $this->assertEquals( false, $session->isValid( $credentials ) );
+    }
+
     public function testSessionOptions()
     {
         $options = new ezcAuthenticationSessionOptions();
 
         $this->invalidPropertyTest( $options, 'validity', 'wrong value', 'int >= 1'
);
         $this->invalidPropertyTest( $options, 'validity', 0, 'int >= 1' );
+        $this->invalidPropertyTest( $options, 'idleTimeout', 'wrong value', 'int >=
1'  );
+        $this->invalidPropertyTest( $options, 'idleTimeout', 0, 'int >= 1'  );
         $this->invalidPropertyTest( $options, 'idKey', array(), 'string' );
         $this->invalidPropertyTest( $options, 'timestampKey', array(), 'string' );
         $this->missingPropertyTest( $options, 'no_such_option' );
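Review bot: testSessionIsValidIdleTimeout does not exercise the idle boundary, assuming isValid() goes through run(). run() compares against REQUEST_TIME, which predates the `time()` stamp the test writes, so the difference is zero or negative whatever `idleTimeout` is. Neither new test sets `self::$timestampKey`, so the interaction between the idle and absolute timeouts is untested, and nothing asserts that a successful run refreshes the last-activity stamp or that expiry removes it. testSessionOptions, which continues past the hunk, also lacks the type check for the new key: `$this->invalidPropertyTest( $options, 'lastActivityTimestampKey', array(), 'string' );`.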


