From c3b3ec1be545d3057a0975444623d0bc5ede4078 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Thu, 13 Oct 2016 11:18:33 +0100
Subject: [PATCH] Issue #2575829 by znerol: Hash session id before using it as a cache context
---
 .../Cache/Context/SessionCacheContext.php | 5 +-
 .../Cache/Context/SessionCacheContextTest.php | 85 +++++++++++++++++++
 2 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 core/tests/Drupal/Tests/Core/Cache/Context/SessionCacheContextTest.php
diff --git a/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php b/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php
index f93e3a5f9e30..c8b102717d53 100644
--- a/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php
+++ b/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php
@@ -2,6 +2,8 @@
 namespace Drupal\Core\Cache\Context;
+use Drupal\Component\Utility\Crypt;
+
 /**
 * Defines the SessionCacheContext service, for "per session" caching.
 *
@@ -20,7 +22,8 @@ public static function getLabel() {
 * {@inheritdoc}
 */
 public function getContext() {
- return $this->requestStack->getCurrentRequest()->getSession()->getId();
+ $sid = $this->requestStack->getCurrentRequest()->getSession()->getId();
+ return Crypt::hashBase64($sid);
 }
 }
diff --git a/core/tests/Drupal/Tests/Core/Cache/Context/SessionCacheContextTest.php b/core/tests/Drupal/Tests/Core/Cache/Context/SessionCacheContextTest.php
new file mode 100644
index 000000000000..b621b2dacacf
--- /dev/null
+++ b/core/tests/Drupal/Tests/Core/Cache/Context/SessionCacheContextTest.php
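Review bot: The two new lines in SessionCacheContext::getContext() carry no comment saying why the session ID is hashed, so a later cleanup could return the raw ID again and put a live session credential back into whatever stores or logs the cache context value. I would add above the `$sid` assignment: `// Never expose the raw session ID through the cache context; hash it first.` `Crypt::hashBase64()` is an unkeyed hash, which looks adequate only as long as session IDs are long random values; if that is not guaranteed for every session handler, a keyed variant such as `Crypt::hmacBase64($sid, <site secret>)` would be the safer choice. getContext() is complete within the hunk, but the class header and the `requestStack` property it relies on are outside it.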
@@ -0,0 +1,85 @@
+<?php
+
+namespace Drupal\Tests\Core\Cache\Context;
+
+use Drupal\Core\Cache\Context\SessionCacheContext;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
+
+/**
+ * @coversDefaultClass \Drupal\Core\Cache\Context\SessionCacheContext
+ * @group Cache
+ */
+class SessionCacheContextTest extends \PHPUnit_Framework_TestCase {
+
+ /**
+ * The request stack.
+ *
+ * @var \Symfony\Component\HttpFoundation\RequestStack
+ */
+ protected $requestStack;
+
+ /**
+ * The session object.
+ *
+ * @var \Symfony\Component\HttpFoundation\Session\SessionInterface|\PHPUnit_Framework_MockObject_MockObject
+ */
+ protected $session;
+
+ /**
+ * The session cache context.
+ *
+ * @var \Drupal\Core\Cache\Context\SessionCacheContext
+ */
+ protected $cacheContext;
+
+ public function setUp() {
+ $request = new Request();
+
+ $this->requestStack = new RequestStack();
+ $this->requestStack->push($request);
+
+ $this->session = $this->getMock('\Symfony\Component\HttpFoundation\Session\SessionInterface');
+ $request->setSession($this->session);
+
+ $this->cacheContext = new SessionCacheContext($this->requestStack);
+ }
+
+ /**
+ * @covers ::getContext
+ */
+ public function testSameContextForSameSession() {
+ $session_id = 'aSebeZ52bbM6SvADurQP89SFnEpxY6j8';
+ $this->session->expects($this->exactly(2))
+ ->method('getId')
+ ->will($this->returnValue($session_id));
+
+ $context1 = $this->cacheContext->getContext();
+ $context2 = $this->cacheContext->getContext();
+ $this->assertSame($context1, $context2);
+ $this->assertSame(FALSE, strpos($context1, $session_id), 'Session ID not contained in cache context');
+ }
+
+ /**
+ * @covers ::getContext
+ */
+ public function testDifferentContextForDifferentSession() {
+ $session1_id = 'pjH_8aSoofyCDQiuVYXJcbfyr-CPtkUY';
+ $this->session->expects($this->at(0))
+ ->method('getId')
+ ->will($this->returnValue($session1_id));
+
+ $session2_id = 'aSebeZ52bbM6SvADurQP89SFnEpxY6j8';
+ $this->session->expects($this->at(1))
+ ->method('getId')
+ ->will($this->returnValue($session2_id));
+
+ $context1 = $this->cacheContext->getContext();
+ $context2 = $this->cacheContext->getContext();
+ $this->assertNotEquals($context1, $context2);
+
+ $this->assertSame(FALSE, strpos($context1, $session1_id), 'Session ID not contained in cache context');
+ $this->assertSame(FALSE, strpos($context2, $session2_id), 'Session ID not contained in cache context');
+ }
+
+}
-- GitLab
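Review bot: Both tests only assert that the raw session ID is not a substring of the context, so a reversible transformation of the ID (a plain encoding rather than a hash) would still pass; nothing pins that the value is actually a hash. In testSameContextForSameSession() I would add `$this->assertSame(Crypt::hashBase64($session_id), $context1);` together with `use Drupal\Component\Utility\Crypt;` at the top of the file. In testDifferentContextForDifferentSession() the `$this->at(0)` / `$this->at(1)` expectations depend on the invocation index on the mock, which is brittle; a single `getId` expectation with `->will($this->onConsecutiveCalls($session1_id, $session2_id))` states the same thing more directly. There is also no case for a request whose session ID is empty, which seems worth covering because such requests would presumably all share one context value.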