diff --git a/application/transaction.class.inc.php b/application/transaction.class.inc.php index 73b84d3c4..08205f5e4 100644 --- a/application/transaction.class.inc.php +++ b/application/transaction.class.inc.php @@ -193,16 +193,19 @@ class privUITransactionSession */ class privUITransactionFile { + /** @var int Value to use when no user logged */ + const UNAUTHENTICATED_USER_ID = -666; + /** - * @return int - * @throws \SecurityException if no connected user + * @return int current user id, or {@see self::UNAUTHENTICATED_USER_ID} if no user logged * * @since 2.6.5 2.7.6 3.0.0 N°4289 method creation */ - private static function GetCurrentUserId() { + private static function GetCurrentUserId() + { $iCurrentUserId = UserRights::GetConnectedUserId(); if ('' === $iCurrentUserId) { - throw new SecurityException('Cannot creation transaction_id when no user logged'); + $iCurrentUserId = static::UNAUTHENTICATED_USER_ID; } return $iCurrentUserId; diff --git a/test/application/privUITransactionFileTest.php b/test/application/privUITransactionFileTest.php index b4593c90b..de36678d9 100644 --- a/test/application/privUITransactionFileTest.php +++ b/test/application/privUITransactionFileTest.php @@ -171,5 +171,13 @@ class privUITransactionFileTest extends ItopDataTestCase $this->assertTrue($bUser1Login2, 'Login with user1 throw an error'); $bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUserSupport); $this->assertTrue($bResult, 'Token created by support user must be removed in the support user context'); + + // test when no user logged (combodo-unauthenticated-form module for example) + UserRights::_ResetSessionCache(); + $sTransactionIdUnauthenticatedUser = privUITransactionFile::GetNewTransactionId(); + $bResult = privUITransactionFile::IsTransactionValid($sTransactionIdUnauthenticatedUser, false); + $this->assertTrue($bResult, 'Token created by unauthenticated user must be valid when no user logged'); + $bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUnauthenticatedUser); + $this->assertTrue($bResult, 'Token created by unauthenticated user must be removed when no user logged'); } }