N°4289 Allow to use privUITransactionFile when no user logged

Before we were throwing a SecurityException, which was blocking for combodo-unauthenticated-form for example
This commit is contained in:
Pierre Goiffon
2021-12-08 16:47:42 +01:00
parent 8a65a592f3
commit f916f9cde8
2 changed files with 15 additions and 4 deletions

View File

@@ -37,5 +37,13 @@ class privUITransactionFileTest extends \Combodo\iTop\Test\UnitTest\ItopDataTest
$this->assertTrue($bUser1Login2, 'Login with user1 throw an error');
$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUserSupport);
$this->assertTrue($bResult, 'Token created by support user must be removed in the support user context');
// test when no user logged (combodo-unauthenticated-form module for example)
UserRights::_ResetSessionCache();
$sTransactionIdUnauthenticatedUser = privUITransactionFile::GetNewTransactionId();
$bResult = privUITransactionFile::IsTransactionValid($sTransactionIdUnauthenticatedUser, false);
$this->assertTrue($bResult, 'Token created by unauthenticated user must be valid when no user logged');
$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUnauthenticatedUser);
$this->assertTrue($bResult, 'Token created by unauthenticated user must be removed when no user logged');
}
}