diff --git a/.travis.yml b/.travis.yml
index 17531c8..beefe35 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -19,8 +19,8 @@ before_script:
 - composer install -n
 script:
- - if [[ "$ANALYSIS" != 'true' ]]; then vendor/bin/phpunit ; fi
- - if [[ "$ANALYSIS" == 'true' ]]; then vendor/bin/phpunit --coverage-clover clover.xml ; fi
+ - if [[ "$ANALYSIS" != 'true' ]]; then XDEBUG_MODE=coverage ./vendor/bin/phpunit; fi
+ - if [[ "$ANALYSIS" == 'true' ]]; then XDEBUG_MODE=coverage ./vendor/bin/phpunit --coverage-clover clover.xml ; fi
 after_success:
 - if [[ "$ANALYSIS" == 'true' ]]; then vendor/bin/php-coveralls --coverage_clover=clover.xml -v ; fi
diff --git a/src/Guard.php b/src/Guard.php
index 9e3721a..4936459 100644
--- a/src/Guard.php
+++ b/src/Guard.php
@@ -415,14 +415,13 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 $value = $body[$this->getTokenValueKey()] ?? null;
 }
- if ($name === null
- || $value === null
- || !$this->validateToken((string) $name, (string) $value)
- ) {
- if (!$this->persistentTokenMode && is_string($name)) {
- $this->removeTokenFromStorage($name);
- }
+ $isValid = $this->validateToken((string) $name, (string) $value);
+ if ($isValid && !$this->persistentTokenMode) {
+ // successfully validated token, so delete it if not in persistentTokenMode
+ $this->removeTokenFromStorage($name);
+ }
+ if ($name === null || $value === null || !$isValid) {
 $request = $this->appendNewTokenToRequest($request);
 return $this->handleFailure($request, $handler);
 }
diff --git a/tests/GuardTest.php b/tests/GuardTest.php
index 1b1f65b..bd410c6 100644
--- a/tests/GuardTest.php
+++ b/tests/GuardTest.php
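Review bot: In the `src/Guard.php` hunk, `removeTokenFromStorage($name)` is now called with the raw `$name` although validation ran on `(string) $name`, and the `is_string($name)` guard from the removed branch is gone, so a non-string name from the parsed body reaches the removal uncast. `validateToken()` also runs before the null checks, so a request without token fields is still validated as `('', '')`. I would fold the checks into the assignment, `$isValid = $name !== null && $value !== null && $this->validateToken((string) $name, (string) $value);`, pass `(string) $name` to the removal, and reduce the failure test to `if (!$isValid) {`. A failed attempt also no longer deletes the named token, so a wrong value leaves it in storage for another try; if that is intended, a one-line comment saying so would help. The body of `process()` starts and ends outside this hunk.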
@@ -279,43 +279,46 @@ public function testEnforceStorageLimitWithIterator()
 public function testTokenIsRemovedFromStorageWhenPersistentModeIsOff()
 {
- $self = $this;
-
 $storage = [
 'test_name' => 'test_value123',
 ];
+
+ $responseProphecy = $this->prophesize(ResponseInterface::class)
+ ->willImplement(ResponseInterface::class);
+
+ $requestHandlerProphecy = $this->prophesize(RequestHandlerInterface::class);
+ $requestHandlerProphecy
+ ->handle(Argument::type(ServerRequestInterface::class))
+ ->willReturn($responseProphecy->reveal())
+ ->shouldBeCalledOnce();
+
 $responseFactoryProphecy = $this->prophesize(ResponseFactoryInterface::class);
- $handler = function () use ($self, &$called) {
- $responseProphecy = $self->prophesize(ResponseInterface::class);
- return $responseProphecy->reveal();
- };
- $mw = new Guard($responseFactoryProphecy->reveal(), 'test', $storage, $handler);
+
+ $mw = new Guard($responseFactoryProphecy->reveal(), 'test', $storage);
 $requestProphecy = $this->prophesize(ServerRequestInterface::class);
 $requestProphecy
 ->getMethod()
 ->willReturn('POST')
 ->shouldBeCalledOnce();
-
 $requestProphecy
 ->withAttribute(Argument::type('string'), Argument::type('string'))
 ->willReturn($requestProphecy->reveal())
 ->shouldBeCalledTimes(2);
-
 $requestProphecy
 ->getParsedBody()
 ->willReturn([
- 'test_name' => 'test_name123',
- 'test_value' => 'invalid_value',
+ 'test_name' => 'test_name',
+ 'test_value' => 'test_value123',
 ])
 ->shouldBeCalledOnce();
- $requestHandlerProphecy = $this->prophesize(RequestHandlerInterface::class);
 $mw->process($requestProphecy->reveal(), $requestHandlerProphecy->reveal());
- $this->assertArrayNotHasKey('test_name123', $storage);
+ self::assertArrayNotHasKey('test_name', $storage);
 }
+
 public function testProcessAppendsNewTokensWhenPersistentTokenModeIsOff()
 {
 $storage = [];
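Review bot: Only the successful path is exercised by `testTokenIsRemovedFromStorageWhenPersistentModeIsOff()` after this change: the parsed body used to carry `invalid_value` and now carries the matching `test_value123`, so nothing pins what happens to a stored token when validation fails in non-persistent mode. Since the `Guard::process()` change in this commit stops removing the token on failure, a companion test that posts a wrong value and ends with `self::assertArrayHasKey('test_name', $storage);` would document that behaviour. The `->willImplement(ResponseInterface::class)` call on a prophecy that already targets `ResponseInterface` looks redundant and could be dropped.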