Skip to content
Snippets Groups Projects

Fix bug with non-HTTP Shib sessions being valid for HTTP sessions

Merged Fix bug with non-HTTP Shib sessions being valid for HTTP sessions
andrew-summers/uw-php-security:test-fix into master
Merged Andy Summers requested to merge andrew-summers/uw-php-security:test-fix into master

Previously, the PreauthUserDetailsProvider was only checking that a valid Shib session existed by looking for the regular or HTTP Shib session header. This check is now strengthened by validating the correct header exists for the correct instance.

Also renamed and changed some things in the Preauth test--it's now called HTTPPreauthUserDetailsProviderTest to reflect the fact that it's only testing the HTTP version of Preauth. Along those same lines, the test user now uses the HTTP headers and has been renamed to testuser_http.json.

Please review: @ahoffmann

Merge request reports

Merged by avatar (Apr 1, 2025 1:06pm UTC)

Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Andy Summers
    Andy Summers @andrew-summers ·
    Author Contributor

    Manual Jenkins since it's down... BUILD TRIGGERED BUILD STARTED TESTS PASSED

    Buildfile: /Users/apsummers/Developer/uw-php-security/build.xml

uw-php-security > main:


uw-php-security > get-composer:


uw-php-security > composer-install:

 [composer] executing /usr/local/Cellar/php56/5.6.23/bin/php composer.phar install

uw-php-security > get-phpunit:


uw-php-security > test:

PHPUnit 5.4.6 by Sebastian Bergmann and contributors.

Runtime:       PHP 5.6.23 with Xdebug 2.4.0
Configuration: /Users/apsummers/Developer/uw-php-security/phpunit.xml

....                                                                4 / 4 (100%)

Time: 274 ms, Memory: 19.75MB

OK (4 tests, 19 assertions)

Generating code coverage report in Clover XML format ... done

Generating code coverage report in HTML format ...
Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in phar:///Users/apsummers/Developer/uw-php-security/phpunit.phar/php-code-coverage/Report/Html/Facade.php on line 70

Call Stack:
    0.0085     693040   1. {main}() /Users/apsummers/Developer/uw-php-security/phpunit.phar:0
    0.0729   13301288   2. PHPUnit_TextUI_Command::main() /Users/apsummers/Developer/uw-php-security/phpunit.phar:569
    0.0729   13301912   3. PHPUnit_TextUI_Command->run() phar:///Users/apsummers/Developer/uw-php-security/phpunit.phar/phpunit/TextUI/Command.php:113
    0.0845   13848448   4. PHPUnit_TextUI_TestRunner->doRun() phar:///Users/apsummers/Developer/uw-php-security/phpunit.phar/phpunit/TextUI/Command.php:162
    0.2950   15728280   5. SebastianBergmann\CodeCoverage\Report\Html\Facade->process() phar:///Users/apsummers/Developer/uw-php-security/phpunit.phar/phpunit/TextUI/TestRunner.php:526
    0.3123   16412424   6. date() phar:///Users/apsummers/Developer/uw-php-security/phpunit.phar/php-code-coverage/Report/Html/Facade.php:70

 done

BUILD FINISHED

Total time: 0.8611 seconds
  • Andrew Hoffmann
    Andrew Hoffmann @ahoffmann ·
    Contributor

    Awesome, thanks! :thumbsup:

    (Set your timezone, foo)

  • Andy Summers Status changed to merged

    Status changed to merged

  • Andy Summers mentioned in commit 661a01b1

    mentioned in commit 661a01b1

Please register or sign in to reply