Add tests covering sessionauthenticator refresing the identity

Refs #596

Author: markstory

src/Authenticator/SessionAuthenticator.php

@@ -30,7 +30,9 @@ class SessionAuthenticator extends AbstractAuthenticator implements PersistenceI
      * Default config for this object.
      * - `fields` The fields to use to verify a user by.
      * - `sessionKey` Session key.
-     * - `identify` Whether or not to identify user data stored in a session.
+     * - `identify` Whether or not to identify user data stored in a session. This is
+     *   useful if you want to remotely end sessions that have a different password stored,
+     *   or if your identification logic needs additional conditions before a user can login.
      *
      * @var array
      */

tests/TestCase/AuthenticationServiceTest.php

@@ -31,6 +31,7 @@
 use Cake\Http\ServerRequest;
 use Cake\Http\ServerRequestFactory;
 use Cake\Http\Uri;
+use Cake\I18n\FrozenTime;
 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -134,6 +135,58 @@ public function testAuthenticateWithChallengeDisabled()
         $this->assertFalse($result->isValid());
     }
 
+    /**
+     * Integration test for session auth + identify always getting a fresh user record.
+     *
+     * @return void
+     */
+    public function testAuthenticationWithSessionIdentify()
+    {
+        $users = $this->fetchTable('Users');
+        $user = $users->get(1);
+
+        $request = ServerRequestFactory::fromGlobals([
+            'SERVER_NAME' => 'example.com',
+            'REQUEST_URI' => '/testpath',
+        ]);
+        $request->getSession()->write('Auth', [
+            'username' => $user->username,
+            'password' => $user->password,
+        ]);
+
+        $factory = function () {
+            return new AuthenticationService([
+                'identifiers' => [
+                    'Authentication.Password',
+                ],
+                'authenticators' => [
+                    'Authentication.Session' => [
+                        'identify' => true,
+                    ],
+                ],
+            ]);
+        };
+        $service = $factory();
+        $result = $service->authenticate($request);
+        $this->assertTrue($result->isValid());
+
+        $dateValue = new FrozenTime('2022-01-01 10:11:12');
+        $identity = $result->getData();
+        $this->assertEquals($identity->username, $user->username);
+        $this->assertNotEquals($identity->created, $dateValue);
+
+        // Update the user so that we can ensure session is reading from the db.
+        $user->created = $dateValue;
+        $users->saveOrFail($user);
+
+        $service = $factory();
+        $result = $service->authenticate($request);
+        $this->assertTrue($result->isValid());
+        $identity = $result->getData();
+        $this->assertEquals($identity->username, $user->username);
+        $this->assertEquals($identity->created, $dateValue);
+    }
+
     /**
      * testLoadAuthenticatorException
      */