N°4289 Allow to use privUITransactionFile when no user logged

Before we were throwing a SecurityException, which was blocking for combodo-unauthenticated-form for example

application/transaction.class.inc.php

@@ -193,16 +193,19 @@ class privUITransactionSession
  */
 class privUITransactionFile
 {
+	/** @var int Value to use when no user logged */
+	const UNAUTHENTICATED_USER_ID = -666;
+
 	/**
-	 * @return int
-	 * @throws \SecurityException if no connected user
+	 * @return int current user id, or {@see self::UNAUTHENTICATED_USER_ID} if no user logged
 	 *
 	 * @since 2.6.5 2.7.6 3.0.0 N°4289 method creation
 	 */
-	private static function GetCurrentUserId() {
+	private static function GetCurrentUserId()
+	{
 		$iCurrentUserId = UserRights::GetConnectedUserId();
 		if ('' === $iCurrentUserId) {
-			throw new SecurityException('Cannot creation transaction_id when no user logged');
+			$iCurrentUserId = static::UNAUTHENTICATED_USER_ID;
 		}
 
 		return $iCurrentUserId;

test/application/privUITransactionFileTest.php

@@ -37,5 +37,13 @@ class privUITransactionFileTest extends \Combodo\iTop\Test\UnitTest\ItopDataTest
 		$this->assertTrue($bUser1Login2, 'Login with user1 throw an error');
 		$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUserSupport);
 		$this->assertTrue($bResult, 'Token created by support user must be removed in the support user context');
+
+		// test when no user logged (combodo-unauthenticated-form module for example)
+		UserRights::_ResetSessionCache();
+		$sTransactionIdUnauthenticatedUser = privUITransactionFile::GetNewTransactionId();
+		$bResult = privUITransactionFile::IsTransactionValid($sTransactionIdUnauthenticatedUser, false);
+		$this->assertTrue($bResult, 'Token created by unauthenticated user must be valid when no user logged');
+		$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUnauthenticatedUser);
+		$this->assertTrue($bResult, 'Token created by unauthenticated user must be removed when no user logged');
 	}
 }