Merge pull request #5728 from rxu/ticket/15294

[ticket/15294] Fix session_gc() selecting expired sessions for unique users
author: Marc Alexander <admin@m-a-styles.de> 2019-12-15 20:26:01 +0100
committer: Marc Alexander <admin@m-a-styles.de> 2019-12-15 20:26:01 +0100
commit: bcc90133a88a4d9536ae715c40f0b5d08dbd659d (patch)
tree: 8ff0e66344fb9e5bb7f6d9d5ccf445874812946c /tests
parent: 611b3c4e4641d42ebe5d3225aaa8f7305a3380f9 (diff)
parent: 7ea063100e23234bf0d6a79fd0411e956a1b6668 (diff)
download: forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar
forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar.gz
forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar.bz2
forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar.xz
forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.zip
3 files changed, 147 insertions, 8 deletions
diff --git a/tests/session/fixtures/sessions_garbage.xml b/tests/session/fixtures/sessions_garbage.xml
index 5eace839d0..59a2dc2ebe 100644
--- a/tests/session/fixtures/sessions_garbage.xml
+++ b/tests/session/fixtures/sessions_garbage.xml
@@ -5,11 +5,23 @@
 		<column>username_clean</column>
 		<column>user_permissions</column>
 		<column>user_sig</column>
+		<column>user_lastpage</column>
+		<column>user_lastvisit</column>
 		<row>
 			<value>4</value>
 			<value>bar</value>
 			<value></value>
 			<value></value>
+			<value>oldpage_user_bar.php</value>
+			<value>1400000000</value>
+		</row>
+		<row>
+			<value>5</value>
+			<value>foo</value>
+			<value></value>
+			<value></value>
+			<value>oldpage_user_foo.php</value>
+			<value>1400000000</value>
 		</row>
 	</table>
 	<table name="phpbb_sessions">
@@ -18,12 +30,16 @@
 		<column>session_ip</column>
 		<column>session_browser</column>
 		<column>session_admin</column>
+		<column>session_page</column>
+		<column>session_time</column>
 		<row>
 			<value>anon_session00000000000000000000</value>
 			<value>1</value>
 			<value>127.0.0.1</value>
 			<value>anonymous user agent</value>
 			<value>0</value>
+			<value></value>
+			<value>1500000005</value>
 		</row>
 		<row>
 			<value>bar_session000000000000000000000</value>
@@ -31,6 +47,35 @@
 			<value>127.0.0.1</value>
 			<value>user agent</value>
 			<value>1</value>
+			<value>newpage_user_bar.php</value>
+			<value>1500000000</value>
+		</row>
+		<row>
+			<value>bar_session000000000000000000002</value>
+			<value>4</value>
+			<value>127.0.0.1</value>
+			<value>user agent</value>
+			<value>1</value>
+			<value>oldpage_user_bar.php</value>
+			<value>1400000000</value>
+		</row>
+		<row>
+			<value>foo_session000000000000000000000</value>
+			<value>5</value>
+			<value>127.0.0.1</value>
+			<value>user agent</value>
+			<value>0</value>
+			<value>newpage_user_foo.php</value>
+			<value>1500000000</value>
+		</row>
+		<row>
+			<value>foo_session000000000000000000002</value>
+			<value>5</value>
+			<value>127.0.0.1</value>
+			<value>user agent</value>
+			<value>0</value>
+			<value>oldpage_user_foo.php</value>
+			<value>1400000000</value>
 		</row>
 	</table>
 	<table name="phpbb_login_attempts">
diff --git a/tests/session/garbage_collection_test.php b/tests/session/garbage_collection_test.php
index d361e022da..ec248b2904 100644
--- a/tests/session/garbage_collection_test.php
+++ b/tests/session/garbage_collection_test.php
@@ -41,19 +41,91 @@ class phpbb_session_garbage_collection_test extends phpbb_session_test_case
 		);
 	}
 
+	public function test_session_gc()
+	{
+		global $config;
+		$config['session_length'] = 3600;
+
+		$this->check_expired_sessions_recent(
+			[
+				[
+					'session_user_id' => 4,
+					'recent_time' => 1500000000,
+				],
+				[
+					'session_user_id' => 5,
+					'recent_time' => 1500000000,
+				],
+			],
+			'Before test, should get recent expired sessions only.'
+		);
+
+		$this->check_user_session_data(
+			[
+				[
+					'username_clean' => 'bar',
+					'user_lastvisit' => 1400000000,
+					'user_lastpage' => 'oldpage_user_bar.php',
+				],
+				[
+					'username_clean' => 'foo',
+					'user_lastvisit' => 1400000000,
+					'user_lastpage' => 'oldpage_user_foo.php',
+				],
+			],
+			'Before test, users session data is not updated yet.'
+		);
+
+		// There is an error unless the captcha plugin is set
+		$config['captcha_plugin'] = 'core.captcha.plugins.nogd';
+		$this->session->session_gc();
+		$this->check_expired_sessions_recent(
+			[],
+			'After garbage collection, all expired sessions should be removed.'
+		);
+
+		$this->check_user_session_data(
+			[
+				[
+					'username_clean' => 'bar',
+					'user_lastvisit' => '1500000000',
+					'user_lastpage' => 'newpage_user_bar.php',
+				],
+				[
+					'username_clean' => 'foo',
+					'user_lastvisit' => '1500000000',
+					'user_lastpage' => 'newpage_user_foo.php',
+				],
+			],
+			'After garbage collection, users session data should be updated to the recent expired sessions data.'
+		);
+	}
+
 	public function test_cleanup_all()
 	{
 		$this->check_sessions_equals(
-			array(
-				array(
+			[
+				[
 					'session_id' => 'anon_session00000000000000000000',
 					'session_user_id' => 1,
-				),
-				array(
+				],
+				[
 					'session_id' => 'bar_session000000000000000000000',
 					'session_user_id' => 4,
-				),
-			),
+				],
+				[
+					'session_id' => 'bar_session000000000000000000002',
+					'session_user_id' => 4,
+				],
+				[
+					'session_id' => 'foo_session000000000000000000000',
+					'session_user_id' => 5,
+				],
+				[
+					'session_id' => 'foo_session000000000000000000002',
+					'session_user_id' => 5,
+				],
+			],
 			'Before test, should have some sessions.'
 		);
 		// Set session length so it clears all
@@ -63,7 +135,7 @@ class phpbb_session_garbage_collection_test extends phpbb_session_test_case
 		$config['captcha_plugin'] = 'core.captcha.plugins.nogd';
 		$this->session->session_gc();
 		$this->check_sessions_equals(
-			array(),
+			[],
 			'After setting session time to 0, should remove all.'
 		);
 	}
diff --git a/tests/test_framework/phpbb_session_test_case.php b/tests/test_framework/phpbb_session_test_case.php
index 02722c473e..530d8c6b48 100644
--- a/tests/test_framework/phpbb_session_test_case.php
+++ b/tests/test_framework/phpbb_session_test_case.php
@@ -48,11 +48,33 @@ abstract class phpbb_session_test_case extends phpbb_database_test_case
 			new phpbb_session_testable_facade($this->db, $this->session_factory);
 	}
 
+	protected function check_user_session_data($expected_session_data, $message)
+	{
+		$sql= 'SELECT username_clean, user_lastvisit, user_lastpage
+			FROM ' . USERS_TABLE . '
+			ORDER BY user_id';
+
+		$this->assertSqlResultEquals($expected_session_data, $sql, $message);
+	}
+
+	protected function check_expired_sessions_recent($expected_sessions, $message)
+	{
+		global $config;
+		$time_now = time();
+		$sql = 'SELECT session_user_id, MAX(session_time) AS recent_time
+			FROM ' . SESSIONS_TABLE . '
+			WHERE session_time < ' . ($time_now - (int) $config['session_length']) . '
+				AND session_user_id <> ' . ANONYMOUS . '
+			GROUP BY session_user_id';
+
+		$this->assertSqlResultEquals($expected_sessions, $sql, $message);
+	}
+
 	protected function check_sessions_equals($expected_sessions, $message)
 	{
 		$sql = 'SELECT session_id, session_user_id
 				FROM phpbb_sessions
-				ORDER BY session_user_id';
+				ORDER BY session_user_id, session_id';
 
 		$this->assertSqlResultEquals($expected_sessions, $sql, $message);
 	}
author	Marc Alexander <admin@m-a-styles.de>	2019-12-15 20:26:01 +0100
committer	Marc Alexander <admin@m-a-styles.de>	2019-12-15 20:26:01 +0100
commit	bcc90133a88a4d9536ae715c40f0b5d08dbd659d (patch)
tree	8ff0e66344fb9e5bb7f6d9d5ccf445874812946c /tests
parent	611b3c4e4641d42ebe5d3225aaa8f7305a3380f9 (diff)
parent	7ea063100e23234bf0d6a79fd0411e956a1b6668 (diff)
download	forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar.gz forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar.bz2 forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.tar.xz forums-bcc90133a88a4d9536ae715c40f0b5d08dbd659d.zip