Fix #952 - Session not working with database handler

* Added test for Issue #952
* Providing temps class to fix Laravel version
* Update Changelog
* Update userfrosting/session version

Author: lcharette

CHANGELOG.md

@@ -7,12 +7,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [v4.2.1]
 
+### Added
+- `UserFrosting\Sprinkle\Core\Database\Models\Session` model for the `sessions` db table.
+- `TEST_SESSION_HANDLER` environment variable to set the session save handler to use for Testing.
+- `withDatabaseSessionHandler` Trait for testing. Use `$this->useDatabaseSessionHandler()` to use database session handler in tests.
+
 ### Fixed
 - Italian translation ([#950])
 - User Registration failing when trying to register two accounts with the same email address ([#953])
 - Bad test case for `CoreController::getAsset`.
 - User Model `forceDelete` doesn't remove the record from the DB ([#951])
 - Fix PHP Fatal error that can be thrown when registering a new User
+- Session not working with database handler ([#952])
 
 ## [v4.2.0]
 ### Changed Requirements
@@ -715,6 +721,7 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
 [#940]: https://github.com/userfrosting/UserFrosting/issues/940
 [#950]: https://github.com/userfrosting/UserFrosting/issues/950
 [#951]: https://github.com/userfrosting/UserFrosting/issues/951
+[#952]: https://github.com/userfrosting/UserFrosting/issues/952
 [#953]: https://github.com/userfrosting/UserFrosting/issues/953
 
 [v4.2.0]: https://github.com/userfrosting/UserFrosting/compare/v4.1.22...v4.2.0

app/sprinkles/account/tests/Integration/AuthenticatorTest.php

@@ -12,8 +12,10 @@
 use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
 use UserFrosting\Sprinkle\Account\Facades\Password;
 use UserFrosting\Sprinkle\Account\Tests\withTestUser;
+use UserFrosting\Sprinkle\Core\Database\Models\Session as SessionTable;
 use UserFrosting\Sprinkle\Core\Tests\TestDatabase;
 use UserFrosting\Sprinkle\Core\Tests\RefreshDatabase;
+use UserFrosting\Sprinkle\Core\Tests\withDatabaseSessionHandler;
 use UserFrosting\Tests\TestCase;
 
 /**
@@ -26,6 +28,7 @@ class AuthenticatorTest extends TestCase
     use TestDatabase;
     use RefreshDatabase;
     use withTestUser;
+    use withDatabaseSessionHandler;
 
     /**
      * Setup the test database.
@@ -80,6 +83,54 @@ public function testLogin(Authenticator $authenticator)
         $this->assertNotSame($testUser->id, $this->ci->session[$key]);
     }
 
+    /**
+     * @depends testConstructor
+     * @param Authenticator $authenticator
+     */
+    public function testLoginWithSessionDatabase(Authenticator $authenticator)
+    {
+        // Reset CI Session
+        $this->useDatabaseSessionHandler();
+
+        // Create a test user
+        $testUser = $this->createTestUser();
+
+        // Check the table
+        $this->assertSame(0, SessionTable::count());
+
+        // Test session to avoid false positive
+        $key = $this->ci->config['session.keys.current_user_id'];
+        $this->assertNull($this->ci->session[$key]);
+        $this->assertNotSame($testUser->id, $this->ci->session[$key]);
+
+        // Login the test user
+        $authenticator->login($testUser, false);
+
+        // Test session to see if user was logged in
+        $this->assertNotNull($this->ci->session[$key]);
+        $this->assertSame($testUser->id, $this->ci->session[$key]);
+
+        // Close session to initiate write
+        session_write_close();
+
+        // Check the table again
+        $this->assertSame(1, SessionTable::count());
+
+        // Reopen session
+        $this->ci->session->start();
+
+        // Must logout to avoid test issue
+        $authenticator->logout(true);
+
+        // We'll test the logout system works too while we're at it (and depend on it)
+        $key = $this->ci->config['session.keys.current_user_id'];
+        $this->assertNull($this->ci->session[$key]);
+        $this->assertNotSame($testUser->id, $this->ci->session[$key]);
+
+        // Make sure table entry has been removed
+        $this->assertSame(0, SessionTable::count());
+    }
+
     /**
      * @depends testConstructor
      * @expectedException \UserFrosting\Sprinkle\Account\Authenticate\Exception\AccountInvalidException

app/sprinkles/core/composer.json

@@ -51,7 +51,7 @@
         "userfrosting/cache": "~4.2.0",
         "userfrosting/fortress": "~4.2.0",
         "userfrosting/i18n": "~4.2.0",
-        "userfrosting/session": "~4.2.0",
+        "userfrosting/session": "~4.2.2",
         "userfrosting/support": "~4.2.0",
         "vlucas/phpdotenv": "^2"
     },

app/sprinkles/core/config/testing.php

@@ -60,7 +60,7 @@
      * Disable native sessions in tests
      */
     'session' => [
-        'handler' => 'array'
+        'handler' => getenv('TEST_SESSION_HANDLER') ?: 'array'
     ],
     /*
      * Database to use when using the TestDatabase Trait

app/sprinkles/core/src/Database/Models/Session.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/UserFrosting
+ * @copyright Copyright (c) 2019 Alexander Weissman
+ * @license   https://github.com/userfrosting/UserFrosting/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Core\Database\Models;
+
+/**
+ * Session Class
+ *
+ * Represents a session object as stored in the database.
+ */
+class Session extends Model
+{
+    /**
+     * @var string The name of the table for the current model.
+     */
+    protected $table = 'sessions';
+}

app/sprinkles/core/src/ServicesProvider/ServicesProvider.php

@@ -16,7 +16,6 @@
 use Illuminate\Database\Events\QueryExecuted;
 use Illuminate\Events\Dispatcher;
 use Illuminate\Filesystem\Filesystem;
-use Illuminate\Session\DatabaseSessionHandler;
 use Illuminate\Session\FileSessionHandler;
 use Interop\Container\ContainerInterface;
 use League\FactoryMuffin\FactoryMuffin;
@@ -50,6 +49,7 @@
 use UserFrosting\Sprinkle\Core\Database\Seeder\Seeder;
 use UserFrosting\Sprinkle\Core\Filesystem\FilesystemManager;
 use UserFrosting\Sprinkle\Core\Router;
+use UserFrosting\Sprinkle\Core\Session\DatabaseSessionHandler;
 use UserFrosting\Sprinkle\Core\Session\NullSessionHandler;
 use UserFrosting\Sprinkle\Core\Throttle\Throttler;
 use UserFrosting\Sprinkle\Core\Throttle\ThrottleRule;

app/sprinkles/core/src/Session/DatabaseSessionHandler.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/UserFrosting
+ * @copyright Copyright (c) 2019 Alexander Weissman
+ * @license   https://github.com/userfrosting/UserFrosting/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Core\Session;
+
+use Illuminate\Session\DatabaseSessionHandler as LaravelDatabaseSessionHandler;
+
+/**
+ * Temp class until we update to Laravel 5.5.
+ * A bug was fixed in 5.5, which caused https://github.com/userfrosting/UserFrosting/issues/952
+ * @see https://github.com/laravel/framework/commit/24356a8ca677ba589b8f2d00f24ce3e9a7a1e02d#diff-9a772ff9941d635b86a27ca1ea149e73
+ */
+class DatabaseSessionHandler extends LaravelDatabaseSessionHandler
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function read($sessionId)
+    {
+        $session = (object) $this->getQuery()->find($sessionId);
+
+        if ($this->expired($session)) {
+            $this->exists = true;
+
+            return '';
+        }
+
+        if (isset($session->payload)) {
+            $this->exists = true;
+
+            return base64_decode($session->payload);
+        }
+        
+        return '';
+    }
+}

app/sprinkles/core/tests/Integration/Session/SessionDatabaseHandlerTest.php

@@ -0,0 +1,164 @@
+<?php
+/**
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/UserFrosting
+ * @copyright Copyright (c) 2019 Alexander Weissman
+ * @license   https://github.com/userfrosting/UserFrosting/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Account\Tests\Integration\Session;
+
+use UserFrosting\Session\Session;
+use UserFrosting\Sprinkle\Core\Database\Models\Session as SessionTable;
+use UserFrosting\Sprinkle\Core\Session\DatabaseSessionHandler;
+use UserFrosting\Sprinkle\Core\Tests\TestDatabase;
+use UserFrosting\Sprinkle\Core\Tests\RefreshDatabase;
+use UserFrosting\Sprinkle\Core\Tests\withDatabaseSessionHandler;
+use UserFrosting\Tests\TestCase;
+
+/**
+ * Integration tests for the session service.
+ */
+class SessionDatabaseHandlerTest extends TestCase
+{
+    use TestDatabase;
+    use RefreshDatabase;
+    use withDatabaseSessionHandler;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->setupTestDatabase();
+        $this->refreshDatabase();
+    }
+
+    /**
+     * Test session table connection & existance
+     */
+    public function testSessionTable()
+    {
+        $connection = $this->ci->db->connection();
+        $config = $this->ci->config;
+        $table = $config['session.database.table'];
+
+        // Check connexion is ok and returns what's expected from DatabaseSessionHandler
+        $this->assertInstanceOf(\Illuminate\Database\ConnectionInterface::class, $connection);
+        $this->assertInstanceOf(\Illuminate\Database\Query\Builder::class, $connection->table($table));
+
+        // Check table exist
+        $this->assertTrue($connection->getSchemaBuilder()->hasTable($table));
+    }
+
+    /**
+     * @depends testSessionTable
+     */
+    public function testSessionWrite()
+    {
+        $config = $this->ci->config;
+        $connection = $this->ci->db->connection();
+
+        // Define random session ID
+        $session_id = 'test'.rand(1, 100000);
+
+        // Make sure db is empty at first
+        $this->assertEquals(0, SessionTable::count());
+        $this->assertNull(SessionTable::find($session_id));
+
+        // Get handler
+        $handler = new DatabaseSessionHandler($connection, $config['session.database.table'], $config['session.minutes']);
+
+        // Write session
+        // https://github.com/laravel/framework/blob/5.4/src/Illuminate/Session/DatabaseSessionHandler.php#L132
+        $this->assertTrue($handler->write($session_id, 'foo'));
+
+        // Closing the handler does nothing anyway
+        // https://github.com/laravel/framework/blob/5.4/src/Illuminate/Session/DatabaseSessionHandler.php#L78
+        $this->assertTrue($handler->close());
+
+        // Read session
+        // https://github.com/laravel/framework/blob/5.4/src/Illuminate/Session/DatabaseSessionHandler.php#L86-L101
+        $this->assertSame('foo', $handler->read($session_id));
+
+        // Check manually that the file has been written
+        $this->assertNotEquals(0, SessionTable::count());
+        $this->assertNotNull(SessionTable::find($session_id));
+        $this->assertSame(base64_encode('foo'), SessionTable::find($session_id)->payload);
+
+        // Destroy session
+        // https://github.com/laravel/framework/blob/5.4/src/Illuminate/Session/DatabaseSessionHandler.php#L256
+        $this->assertTrue($handler->destroy($session_id));
+
+        // Check db to make sure it's gone
+        $this->assertEquals(0, SessionTable::count());
+        $this->assertNull(SessionTable::find($session_id));
+    }
+
+    /**
+     * Simulate session service with database handler.
+     * We can't use the real service as it is created before we can even setup
+     * the in-memory database with the basic table we need
+     *
+     * @depends testSessionWrite
+     */
+    public function testUsingSessionDouble()
+    {
+        $this->ci->session->destroy();
+
+        $config = $this->ci->config;
+        $connection = $this->ci->db->connection();
+        $handler = new DatabaseSessionHandler($connection, $config['session.database.table'], $config['session.minutes']);
+        $session = new Session($handler, $config['session']);
+
+        $this->assertInstanceOf(Session::class, $session);
+        $this->assertInstanceOf(DatabaseSessionHandler::class, $session->getHandler());
+        $this->assertSame($handler, $session->getHandler());
+
+        $this->sessionTests($session);
+    }
+
+    /**
+     * @depends testUsingSessionDouble
+     */
+    public function testUsingSessionService()
+    {
+        // Reset CI Session
+        $this->useDatabaseSessionHandler();
+
+        // Make sure config is set
+        $this->sessionTests($this->ci->session);
+    }
+
+    /**
+     * @param  Session $session
+     */
+    protected function sessionTests(Session $session)
+    {
+        // Make sure session service have correct instance
+        $this->assertInstanceOf(Session::class, $session);
+        $this->assertInstanceOf(DatabaseSessionHandler::class, $session->getHandler());
+
+        // Destroy previously defined session
+        $session->destroy();
+
+        // Start new one and validate status
+        $this->assertSame(PHP_SESSION_NONE, $session->status());
+        $session->start();
+        $this->assertSame(PHP_SESSION_ACTIVE, $session->status());
+
+        // Get id
+        $session_id = $session->getId();
+
+        // Set something to the session
+        $session->set('foo', 'bar');
+        $this->assertEquals('bar', $session->get('foo'));
+
+        // Close session to initiate write
+        session_write_close();
+
+        // Make sure db was filled with something
+        $this->assertNotEquals(0, SessionTable::count());
+        $this->assertNotNull(SessionTable::find($session_id));
+    }
+}