From 4fafa8ae5a7bcd700f368bbe6016e0b0fb2cc892 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 27 Dec 2017 15:43:33 +0100 Subject: Implement simulation mode for cookies (de/en)cryption This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted). --- ...rypt_cookies_invalid_decryption_simulation.phpt | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 src/tests/encrypt_cookies_invalid_decryption_simulation.phpt (limited to 'src/tests/encrypt_cookies_invalid_decryption_simulation.phpt') diff --git a/src/tests/encrypt_cookies_invalid_decryption_simulation.phpt b/src/tests/encrypt_cookies_invalid_decryption_simulation.phpt new file mode 100644 index 0000000..0bd1dc8 --- /dev/null +++ b/src/tests/encrypt_cookies_invalid_decryption_simulation.phpt @@ -0,0 +1,27 @@ +--TEST-- +Cookie encryption - invalid decryption in simulation mode +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_encrypted_cookies_simulation.ini +display_errors=1 +display_startup_errors=1 +error_reporting=E_ALL +--COOKIE-- +super_cookie=Wk9NR1RISVNJU05PVEVOQ1JZUFRFREFUQUxMV0hBVFRIRUhFTExJU0hIRUxMQVJFWU9VRE9JTkdaT01Hb2htYXliZXRoaXNpc2Fub2xkc2Vzc2lvbmNvb2tpZQo=;awfulcookie=awfulcookievalue; +--ENV-- +return << +--EXPECT-- +1337 +array(2) { + ["super_cookie"]=> + string(124) "Wk9NR1RISVNJU05PVEVOQ1JZUFRFREFUQUxMV0hBVFRIRUhFTExJU0hIRUxMQVJFWU9VRE9JTkdaT01Hb2htYXliZXRoaXNpc2Fub2xkc2Vzc2lvbmNvb2tpZQo=" + ["awfulcookie"]=> + string(16) "awfulcookievalue" +} -- cgit v1.3