diff --git a/src/Controller/Component/AuthenticationComponent.php b/src/Controller/Component/AuthenticationComponent.php
index 25b7c5fb..40e5921f 100644
--- a/src/Controller/Component/AuthenticationComponent.php
+++ b/src/Controller/Component/AuthenticationComponent.php
@@ -280,7 +280,11 @@ public function setIdentity(ArrayAccess $identity)
 $controller = $this->getController();
 $service = $this->getAuthenticationService();
 
- $service->clearIdentity($controller->getRequest(), $controller->getResponse());
+ /** @psalm-var array{request: \Cake\Http\ServerRequest, response: \Cake\Http\Response} $result */
+ $result = $service->clearIdentity($controller->getRequest(), $controller->getResponse());
+
+ $controller->setRequest($result['request']);
+ $controller->setResponse($result['response']);
 
 /** @psalm-var array{request: \Cake\Http\ServerRequest, response: \Cake\Http\Response} $result */
 $result = $service->persistIdentity(
diff --git a/tests/TestCase/Controller/Component/AuthenticationComponentTest.php b/tests/TestCase/Controller/Component/AuthenticationComponentTest.php
index 231ebf66..391b057a 100644
--- a/tests/TestCase/Controller/Component/AuthenticationComponentTest.php
+++ b/tests/TestCase/Controller/Component/AuthenticationComponentTest.php
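Review bot: The two write-backs after `clearIdentity()` carry no comment saying why the return value has to be kept, and that is the whole point of the fix: the request and response objects are immutable, so discarding `$result` drops whatever clearIdentity() changed, which the test added in this commit shows includes the expiring `CookieAuth` Set-Cookie header. Without that header a remember-me cookie issued for the previous identity would presumably stay usable in the browser after `setIdentity()` switches identity. I would add above the call `// Messages are immutable: apply the cleared request/response to the controller, otherwise the cookie-expiry header is lost.` The arguments of the following `persistIdentity(` call lie outside the hunk; they should be read from the controller after these setters rather than from variables captured earlier, which cannot be confirmed from here.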
@@ -258,6 +258,63 @@ public function testSetIdentityOverwrite()
 );
 }
 
+ public function testSetIdentityWithCookieAuthDoNotRememberMe()
+ {
+ $service = new AuthenticationService([
+ 'identifiers' => [
+ 'Authentication.Password',
+ ],
+ 'authenticators' => [
+ 'Authentication.Session',
+ 'Authentication.Form',
+ 'Authentication.Cookie',
+ ],
+ ]);
+ $request = $this->request->withAttribute('authentication', $service)
+ ->withData('remember_me', 0);
+
+ $controller = new Controller($request, $this->response);
+ $registry = new ComponentRegistry($controller);
+ $component = new AuthenticationComponent($registry);
+
+ $component->setIdentity($this->identityData);
+ $result = $component->getIdentity();
+ $this->assertSame($this->identityData, $result->getOriginalData());
+ $expectedCookieHeader = [
+ 'CookieAuth=; expires=Thu, 01-Jan-1970 00:00:01 GMT+0000; path=/',
+ ];
+ $actualCookieHeader = $controller->getResponse()->getHeader('Set-Cookie');
+ $this->assertSame($expectedCookieHeader, $actualCookieHeader);
+ }
+
+ public function testSetIdentityWithCookieAuthRememberMe()
+ {
+ $service = new AuthenticationService([
+ 'identifiers' => [
+ 'Authentication.Password',
+ ],
+ 'authenticators' => [
+ 'Authentication.Session',
+ 'Authentication.Form',
+ 'Authentication.Cookie',
+ ],
+ ]);
+ $request = $this->request->withAttribute('authentication', $service)
+ ->withData('remember_me', 1);
+
+ $controller = new Controller($request, $this->response);
+ $registry = new ComponentRegistry($controller);
+ $component = new AuthenticationComponent($registry);
+
+ $component->setIdentity($this->identityData);
+ $result = $component->getIdentity();
+ $this->assertSame($this->identityData, $result->getOriginalData());
+ $actualCookieHeader = $controller->getResponse()->getHeader('Set-Cookie');
+ $this->assertCount(2, $actualCookieHeader);
+ $this->assertStringContainsString('CookieAuth=', $actualCookieHeader[1]);
+ $this->assertStringNotContainsString('expires=Thu, 01-Jan-1970 00:00:01 GMT+0000;', $actualCookieHeader[1]);
+ }
+
 /**
 * testGetIdentity
 *
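Review bot: In `testSetIdentityWithCookieAuthRememberMe` the check `assertStringContainsString('CookieAuth=', $actualCookieHeader[1])` also matches an empty-valued cookie, since the deletion header asserted in the other test begins with `CookieAuth=;`, and `$actualCookieHeader[0]` is never inspected. The test therefore does not pin that the old token is expired first and a non-empty token is issued second. Adding `$this->assertStringContainsString('CookieAuth=;', $actualCookieHeader[0]);` and `$this->assertStringNotContainsString('CookieAuth=;', $actualCookieHeader[1]);` would cover both. The literal `expires=Thu, 01-Jan-1970 00:00:01 GMT+0000` also ties both tests to the framework's cookie date formatting, so a formatting change would break them without any change in behaviour.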