Merge pull request #7 from BulkGate/security-token

lukaspijak · web-flow · commit c1957348d9e2 · 2025-06-04T14:07:14.000+02:00
Security token
diff --git a/src/Settings/Settings.php b/src/Settings/Settings.php
@@ -117,6 +117,8 @@ public function install(bool $update = false): void
 
 	public function uninstall(): void
 	{
+		$this->delete('static:application_token');
+
 		if ($this->load('main:delete_db') ?? false)
 		{
 			$this->repository->dropTable();
diff --git a/src/User/Sign.php b/src/User/Sign.php
@@ -8,7 +8,7 @@
  */
 
 use BulkGate\{Plugin\AuthenticateException, Plugin\Debug\Logger, Plugin\Eshop\Configuration, Plugin\InvalidResponseException, Plugin\IO\Connection, Plugin\IO\Request, Plugin\IO\Url, Plugin\Localization\Language, Plugin\Settings\Settings, Plugin\Strict, Plugin\Utils\Jwt};
-use function array_merge;
+use function array_merge, time;
 
 class Sign
 {
@@ -83,7 +83,7 @@ public function in(string $email, string $password, ?string $success_redirect =
 			$this->settings->set('static:application_token', $response->data['data']['application_token'], ['type' => 'string']);
 			$this->settings->set('static:synchronize', 0, ['type' => 'int']);
 
-			return ['token' => $this->authenticate(true), 'data' => ['redirect' => $success_redirect]];
+			return ['token' => $this->authenticate(true, ['expire' => time() + 300]), 'data' => ['redirect' => $success_redirect]];
 		}
 		catch (InvalidResponseException|AuthenticateException $e)
 		{
@@ -101,6 +101,6 @@ public function out(string $success_redirect): array
 	{
 		$this->settings->delete('static:application_token');
 
-		return ['token' => $this->authenticate(true), 'data' => ['redirect' => $success_redirect]];
+		return ['token' => $this->authenticate(true, ['expire' => time() + 300]), 'data' => ['redirect' => $success_redirect]];
 	}
 }
diff --git a/tests/Settings/SettingsTest.phpt b/tests/Settings/SettingsTest.phpt
@@ -102,6 +102,7 @@ class SettingsTest extends TestCase
 			'delete_db' => new Setting(['scope' => 'main', 'key' => 'delete_db', 'type' => 'bool', 'value' => '1']),
 		]));
 		$repository->shouldReceive('dropTable')->withNoArgs()->once();
+		$repository->shouldReceive('remove')->with('static', 'application_token')->once();
 
 		Assert::noError(fn () => $settings->uninstall());
 	}

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,8 @@ public function install(bool $update = false): void`
`117`	`117`
`118`	`118`	`public function uninstall(): void`
`119`	`119`	`{`
	`120`	`+ $this->delete('static:application_token');`
	`121`	`+`
`120`	`122`	`if ($this->load('main:delete_db') ?? false)`
`121`	`123`	`{`
`122`	`124`	`$this->repository->dropTable();`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*/`
`9`	`9`
`10`	`10`	`use BulkGate\{Plugin\AuthenticateException, Plugin\Debug\Logger, Plugin\Eshop\Configuration, Plugin\InvalidResponseException, Plugin\IO\Connection, Plugin\IO\Request, Plugin\IO\Url, Plugin\Localization\Language, Plugin\Settings\Settings, Plugin\Strict, Plugin\Utils\Jwt};`
`11`		`-use function array_merge;`
	`11`	`+use function array_merge, time;`
`12`	`12`
`13`	`13`	`class Sign`
`14`	`14`	`{`
`@@ -83,7 +83,7 @@ public function in(string $email, string $password, ?string $success_redirect =`
`83`	`83`	`$this->settings->set('static:application_token', $response->data['data']['application_token'], ['type' => 'string']);`
`84`	`84`	`$this->settings->set('static:synchronize', 0, ['type' => 'int']);`
`85`	`85`
`86`		`- return ['token' => $this->authenticate(true), 'data' => ['redirect' => $success_redirect]];`
	`86`	`+ return ['token' => $this->authenticate(true, ['expire' => time() + 300]), 'data' => ['redirect' => $success_redirect]];`
`87`	`87`	`}`
`88`	`88`	`catch (InvalidResponseException\|AuthenticateException $e)`
`89`	`89`	`{`
`@@ -101,6 +101,6 @@ public function out(string $success_redirect): array`
`101`	`101`	`{`
`102`	`102`	`$this->settings->delete('static:application_token');`
`103`	`103`
`104`		`- return ['token' => $this->authenticate(true), 'data' => ['redirect' => $success_redirect]];`
	`104`	`+ return ['token' => $this->authenticate(true, ['expire' => time() + 300]), 'data' => ['redirect' => $success_redirect]];`
`105`	`105`	`}`
`106`	`106`	`}`
Original file line number	Diff line number	Diff line change
`@@ -102,6 +102,7 @@ class SettingsTest extends TestCase`
`102`	`102`	`'delete_db' => new Setting(['scope' => 'main', 'key' => 'delete_db', 'type' => 'bool', 'value' => '1']),`
`103`	`103`	`]));`
`104`	`104`	`$repository->shouldReceive('dropTable')->withNoArgs()->once();`
	`105`	`+ $repository->shouldReceive('remove')->with('static', 'application_token')->once();`
`105`	`106`
`106`	`107`	`Assert::noError(fn () => $settings->uninstall());`
`107`	`108`	`}`