From f916f9cde893a6d1491a4f414bd39aa7331b7d51 Mon Sep 17 00:00:00 2001
From: Pierre Goiffon
Date: Wed, 8 Dec 2021 16:47:42 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B04289=20Allow=20to=20use=20privUITransact?=
 =?UTF-8?q?ionFile=20when=20no=20user=20logged=20Before=20we=20were=20thro?=
 =?UTF-8?q?wing=20a=20SecurityException,=20which=20was=20blocking=20for=20?=
 =?UTF-8?q?combodo-unauthenticated-form=20for=20example?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/transaction.class.inc.php | 11 +++++++----
 test/application/privUITransactionFileTest.php | 8 ++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/application/transaction.class.inc.php b/application/transaction.class.inc.php
index 053c71891..6310c8c33 100644
--- a/application/transaction.class.inc.php
+++ b/application/transaction.class.inc.php
@@ -193,16 +193,19 @@ class privUITransactionSession
  */
 class privUITransactionFile
 {
+	/** @var int Value to use when no user logged */
+	const UNAUTHENTICATED_USER_ID = -666;
+
 	/**
-	 * @return int
-	 * @throws \SecurityException if no connected user
+	 * @return int current user id, or {@see self::UNAUTHENTICATED_USER_ID} if no user logged
 	 *
 	 * @since 2.6.5 2.7.6 3.0.0 N°4289 method creation
 	 */
-	private static function GetCurrentUserId() {
+	private static function GetCurrentUserId()
+	{
 		$iCurrentUserId = UserRights::GetConnectedUserId();
 		if ('' === $iCurrentUserId) {
-			throw new SecurityException('Cannot creation transaction_id when no user logged');
+			$iCurrentUserId = static::UNAUTHENTICATED_USER_ID;
 		}
 
 		return $iCurrentUserId;
diff --git a/test/application/privUITransactionFileTest.php b/test/application/privUITransactionFileTest.php
index d416e3e22..e8e734625 100644
--- a/test/application/privUITransactionFileTest.php
+++ b/test/application/privUITransactionFileTest.php
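Review bot: Mapping every unauthenticated caller to the single id `UNAUTHENTICATED_USER_ID` means that, if the file-backed token store is partitioned by this id (the rest of privUITransactionFile is outside the hunk), all anonymous clients share one pool of transaction ids, so a token minted in one anonymous session would pass IsTransactionValid in another, which weakens the per-user isolation the thrown SecurityException previously enforced. If that sharing is intended it should be stated on the constant, e.g. `/** @var int Value to use when no user logged: all unauthenticated clients share this id, so their tokens are not isolated from each other */`; otherwise the anonymous case should be bound to something session-specific. Two smaller points: the `'' ===` comparison implies GetConnectedUserId() returns a string, so `@return int` does not describe the logged-in branch (`@return int|string` does), and the docblock says `self::` while the code uses `static::` — use one, `self::` unless late static binding is intended.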
@@ -37,5 +37,13 @@ class privUITransactionFileTest extends \Combodo\iTop\Test\UnitTest\ItopDataTest
 		$this->assertTrue($bUser1Login2, 'Login with user1 throw an error');
 		$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUserSupport);
 		$this->assertTrue($bResult, 'Token created by support user must be removed in the support user context');
+
+		// test when no user logged (combodo-unauthenticated-form module for example)
+		UserRights::_ResetSessionCache();
+		$sTransactionIdUnauthenticatedUser = privUITransactionFile::GetNewTransactionId();
+		$bResult = privUITransactionFile::IsTransactionValid($sTransactionIdUnauthenticatedUser, false);
+		$this->assertTrue($bResult, 'Token created by unauthenticated user must be valid when no user logged');
+		$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUnauthenticatedUser);
+		$this->assertTrue($bResult, 'Token created by unauthenticated user must be removed when no user logged');
 	}
 }
\ No newline at end of file
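Review bot: The new block relies on `UserRights::_ResetSessionCache()` to produce a "no user logged" state but never asserts it, so if the cache reset stopped clearing the connected user the block would silently exercise the logged-in path instead; add `$this->assertSame('', UserRights::GetConnectedUserId(), 'No user must be logged for this part of the test');` right after the reset. The block also checks only the happy path for the anonymous context: unlike the per-user checks earlier in this method (which start outside the hunk), it does not assert that a token minted while a user was logged in is rejected once no user is logged, or the reverse, which is the isolation property this change affects. Minor: the file still ends without a trailing newline (the `\ No newline at end of file` marker persists).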