
Fixing AuthComponent tests

Jose Lorenzo Rodriguez 12 years ago
parent
commit
eafe1aca3c

+ 27 - 32
src/Controller/Component/AuthComponent.php

@@ -105,10 +105,9 @@ class AuthComponent extends Component {
  *   request is made with an invalid or expired session.
  *
  * - `flash` - Settings to use when Auth needs to do a flash message with
- *   SessionComponent::setFlash(). Available keys are:
+ *   Session::flash(). Available keys are:
  *
- *   - `element` - The element to use, defaults to 'default'.
- *   - `key` - The key to use, defaults to 'auth'
+ *   - `key` - The message domain to use for flashes generated by this component, defaults to 'auth'.
  *   - `params` - The array of additional params to use, defaults to []
  *
  * - `loginAction` - A URL (defined as a string or array) to the controller action
@@ -208,18 +207,18 @@ class AuthComponent extends Component {
 	public $response;
 
 /**
- * Method list for bound controller.
+ * Instance of the Session object
  *
- * @var array
+ * @return void
  */
-	protected $_methods = array();
+	public $session;
 
 /**
- * Instance of the Session object
+ * Method list for bound controller.
  *
- * @return void
+ * @var array
  */
-	protected $_session;
+	protected $_methods = array();
 
 /**
  * Initializes AuthComponent for use in the controller.
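Review bot: The docblock on the new `public $session` property carries `@return void`, which is a method tag and says nothing about the property's type; it should read `@var \Cake\Network\Session`. The property also goes from `protected $_session` to public, apparently so the tests can inject a mock. That lets any code holding the component replace the object that `login()`, `logout()` and `user()` use to read and write the authenticated identity. If test injection is the only reason, keeping the property protected and letting the tests supply the session through the request would avoid widening the surface.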
@@ -232,7 +231,7 @@ class AuthComponent extends Component {
 		$this->request = $controller->request;
 		$this->response = $controller->response;
 		$this->_methods = $controller->methods;
-		$this->_session = $controller->request->session();
+		$this->session = $controller->request->session();
 
 		if (Configure::read('debug')) {
 			Debugger::checkSecurityKeys();
@@ -331,17 +330,17 @@ class AuthComponent extends Component {
 
 		if ($this->_isLoginAction($controller)) {
 			if (empty($controller->request->data) &&
-				!$this->_session->check('Auth.redirect') &&
+				!$this->session->check('Auth.redirect') &&
 				$this->request->env('HTTP_REFERER')
 			) {
-				$this->_session->write('Auth.redirect', $controller->referer(null, true));
+				$this->session->write('Auth.redirect', $controller->referer(null, true));
 			}
 			return;
 		}
 
 		if (!$controller->request->is('ajax')) {
 			$this->flash($this->_config['authError']);
-			$this->_session->write('Auth.redirect', $controller->request->here(false));
+			$this->session->write('Auth.redirect', $controller->request->here(false));
 			return $controller->redirect($this->_config['loginAction']);
 		}
 
@@ -583,8 +582,8 @@ class AuthComponent extends Component {
 			$user = $this->identify($this->request, $this->response);
 		}
 		if ($user) {
-			$this->_session->renew();
-			$this->_session->write($this->_sessionKey, $user);
+			$this->session->renew();
+			$this->session->write($this->sessionKey, $user);
 		}
 		return (bool)$this->user();
 	}
@@ -610,9 +609,9 @@ class AuthComponent extends Component {
 		foreach ($this->_authenticateObjects as $auth) {
 			$auth->logout($user);
 		}
-		$this->_session->delete($this->sessionKey);
-		$this->_session->delete('Auth.redirect');
-		$this->_session->renew();
+		$this->session->delete($this->sessionKey);
+		$this->session->delete('Auth.redirect');
+		$this->session->renew();
 		return Router::normalize($this->_config['logoutRedirect']);
 	}
 
@@ -630,8 +629,8 @@ class AuthComponent extends Component {
 	public function user($key = null) {
 		if (!empty($this->_user)) {
 			$user = $this->_user;
-		} elseif ($this->_sessionKey && $this->_session->check($this->sessionKey)) {
-			$user = $this->_session->read($this->_sessionKey);
+		} elseif ($this->sessionKey && $this->session->check($this->sessionKey)) {
+			$user = $this->session->read($this->sessionKey);
 		} else {
 			return null;
 		}
@@ -650,7 +649,7 @@ class AuthComponent extends Component {
 	protected function _getUser() {
 		$user = $this->user();
 		if ($user) {
-			$this->_session->delete('Auth.redirect');
+			$this->session->delete('Auth.redirect');
 			return true;
 		}
 
@@ -689,10 +688,10 @@ class AuthComponent extends Component {
 	public function redirectUrl($url = null) {
 		if ($url !== null) {
 			$redir = $url;
-			$this->_session->write('Auth.redirect', $redir);
-		} elseif ($this->_session->check('Auth.redirect')) {
-			$redir = $this->_session->read('Auth.redirect');
-			$this->_session->delete('Auth.redirect');
+			$this->session->write('Auth.redirect', $redir);
+		} elseif ($this->session->check('Auth.redirect')) {
+			$redir = $this->session->read('Auth.redirect');
+			$this->session->delete('Auth.redirect');
 
 			if (Router::normalize($redir) === Router::normalize($this->_config['loginAction'])) {
 				$redir = $this->_config['loginRedirect'];
@@ -770,17 +769,13 @@ class AuthComponent extends Component {
  * @param string $message The message to set.
  * @return void
  */
-	public function flash($message) {
+	public function flash($message, $type = 'error') {
 		if ($message === false) {
 			return;
 		}
 		$flashConfig = $this->_config['flash'];
-		$this->_session->setFlash(
-			$message,
-			$flashConfig['element'],
-			$flashConfig['params'],
-			$flashConfig['key']
-		);
+		$key = $flashConfig['key'];
+		$this->session->flash($message, 'error', $flashConfig['params'] + compact('key'));
 	}
 
 }
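Review bot: `flash()` gains a `$type = 'error'` parameter, but the call still passes the literal `'error'`, so a type supplied by the caller is silently ignored. The call should be `$this->session->flash($message, $type, $flashConfig['params'] + compact('key'));`, and the docblock needs a matching `@param string $type` line. Separately, array `+` keeps the left operand's entries, so a `key` entry inside the `params` setting overrides the configured `key` setting. If the configured key is meant to win, use `compact('key') + $flashConfig['params']`.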

+ 9 - 2
src/Network/Request.php

@@ -440,10 +440,17 @@ class Request implements \ArrayAccess {
 /**
  * Returns the instance of the Session object for this request
  *
+ * If a session obkect is passed as first argument it will be set as
+ * the session to use for this request
+ *
+ * @param \Cake\Network\Session $session the session object to use
  * @return \Cake\Network\Session
  */
-	public function session() {
-		return $this->_session;
+	public function session(Session $session = null) {
+		if ($session === null) {
+			return $this->_session;
+		}
+		return $this->_session = $session;
 	}
 
 /**
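Review bot: `session()` now doubles as a setter, but AuthComponent copies `$controller->request->session()` into its own property during initialization (first file of this commit), so a session swapped in afterwards is not the one the component reads identity from. The tests in this commit have to assign both the request and `$this->Auth->session` to stay consistent. A sentence in the docblock saying the session should be replaced before components are initialized would make that dependency explicit. The added docblock also has a typo ("obkect"), and since the argument is optional the tag should be `@param \Cake\Network\Session|null $session`.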

+ 4 - 2
src/Network/Session.php

@@ -486,7 +486,9 @@ class Session {
  * @return bool
  */
 	protected function _hasSession() {
-		return !ini_get('session.use_cookies') || isset($_COOKIE[session_name()]);
+		return !ini_get('session.use_cookies')
+			|| isset($_COOKIE[session_name()])
+			|| php_sapi_name() === 'cli';
 	}
 
 /**
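Review bot: The `php_sapi_name() === 'cli'` check added to `_hasSession()`, together with the one added to `renew()` in the next hunk, puts test-environment branching into the production session class. The net effect is that `renew()` never regenerates the session id under the CLI SAPI. Because AuthComponent calls `renew()` on login and logout to rotate the id (the session-fixation defence), the test suite can only assert on a mock that it was called and never runs the real rotation path. Moving the SAPI test into a single overridable helper, for example `protected function _isCli() { return php_sapi_name() === 'cli'; }`, would keep the special case in one place and let a test turn it off. The `renew()` line also has a double space after `||`.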
@@ -495,7 +497,7 @@ class Session {
  * @return void
  */
 	public function renew() {
-		if (!$this->_hasSession()) {
+		if (!$this->_hasSession() ||  php_sapi_name() === 'cli') {
 			return;
 		}
 

+ 34 - 63
tests/TestCase/Controller/Component/AuthComponentTest.php

@@ -71,7 +71,7 @@ class AuthComponentTest extends TestCase {
 		Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
 		Configure::write('App.namespace', 'TestApp');
 
-		$request = new Request();
+		$request = new Request(['session' => new Session()]);
 		$response = $this->getMock('Cake\Network\Response', array('stop'));
 
 		$this->Controller = new AuthTestController($request, $response);
@@ -80,7 +80,8 @@ class AuthComponentTest extends TestCase {
 		$this->Auth = new TestAuthComponent($this->Controller->components());
 		$this->Auth->request = $request;
 		$this->Auth->response = $response;
-		AuthComponent::$sessionKey = 'Auth.User';
+		$this->Auth->sessionKey = 'Auth.User';
+		$this->Auth->session = $request->session();
 
 		$this->initialized = true;
 		Router::reload();
@@ -98,9 +99,7 @@ class AuthComponentTest extends TestCase {
 	public function tearDown() {
 		parent::tearDown();
 
-		TestAuthComponent::clearUser();
-		$this->Auth->Session->delete('Auth');
-		$this->Auth->Session->delete('Message.auth');
+		$_SESSION = [];
 		unset($this->Controller, $this->Auth);
 	}
 
@@ -145,8 +144,8 @@ class AuthComponentTest extends TestCase {
 				'userModel' => 'AuthUsers'
 			)
 		);
-		$this->Auth->Session = $this->getMock(
-			'Cake\Controller\Component\SessionComponent',
+		$this->Auth->session = $this->getMock(
+			'Cake\Network\Session',
 			array('renew'), array(), '', false
 		);
 
@@ -169,7 +168,7 @@ class AuthComponentTest extends TestCase {
 			->with($this->Auth->request)
 			->will($this->returnValue($user));
 
-		$this->Auth->Session->expects($this->once())
+		$this->Auth->session->expects($this->once())
 			->method('renew');
 
 		$result = $this->Auth->login();
@@ -552,11 +551,11 @@ class AuthComponentTest extends TestCase {
 		$expected = Router::normalize($this->Auth->config('loginRedirect'));
 		$this->assertEquals($expected, $this->Auth->redirectUrl());
 
-		$this->Auth->Session->delete('Auth');
+		$this->Auth->session->delete('Auth');
 
 		$url = '/posts/view/1';
 
-		$this->Auth->Session->write('Auth', array(
+		$this->Auth->session->write('Auth', array(
 			'AuthUsers' => array('id' => '1', 'username' => 'nate'))
 		);
 		$this->Controller->testUrl = null;
@@ -576,8 +575,8 @@ class AuthComponentTest extends TestCase {
 		$expected = Router::normalize('/AuthTest/login');
 		$this->assertEquals($expected, $this->Controller->testUrl);
 
-		$this->Auth->Session->delete('Auth');
-		$this->Auth->Session->write('Auth', array(
+		$this->Auth->session->delete('Auth');
+		$this->Auth->session->write('Auth', array(
 			'AuthUsers' => array('id' => '1', 'username' => 'nate')
 		));
 		$this->Auth->request->params['action'] = 'login';
@@ -637,6 +636,7 @@ class AuthComponentTest extends TestCase {
 
 		$url = '/posts/add';
 		$this->Auth->request = $this->Controller->request = new Request($url);
+		$this->Controller->request->session(new Session());
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->request->url = Router::normalize($url);
 
@@ -658,6 +658,7 @@ class AuthComponentTest extends TestCase {
 		$request->env('HTTP_REFERER', 'http://webmail.example.com/view/message');
 		$request->query = array();
 		$this->Auth->request = $this->Controller->request = $request;
+		$this->Controller->request->session(new Session());
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
 		$event = new Event('Controller.initialize', $this->Controller);
@@ -675,6 +676,7 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request->env('HTTP_REFERER', 'http://webmail.example.com/view/message');
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->request->url = Router::normalize($url);
+		$this->Auth->request->session(new Session());
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
 		$this->Auth->config('loginAction', ['controller' => 'AuthTest', 'action' => 'login']);
@@ -720,6 +722,7 @@ class AuthComponentTest extends TestCase {
 	public function testDefaultToLoginRedirect() {
 		$url = '/party/on';
 		$this->Auth->request = $Request = new Request($url);
+		$this->Auth->request->session(new Session());
 		$Request->env('HTTP_REFERER', false);
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->config('authorize', ['Controller']);
@@ -750,7 +753,14 @@ class AuthComponentTest extends TestCase {
  */
 	public function testRedirectToUnauthorizedRedirect() {
 		$url = '/party/on';
-		$this->Auth->request = $request = new Request($url);
+		$this->Auth->session = $this->getMock(
+			'Cake\Network\Session',
+			array('flash')
+		);
+		$this->Auth->request = $request = new Request([
+			'url' => $url,
+			'session' => $this->Auth->session
+		]);
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->config('authorize', ['Controller']);
 		$this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
@@ -764,18 +774,13 @@ class AuthComponentTest extends TestCase {
 			array('on', 'redirect'),
 			array($request, $response)
 		);
-		$this->Auth->Session = $this->getMock(
-			'Cake\Controller\Component\SessionComponent',
-			array('setFlash'),
-			array($Controller->components())
-		);
 
 		$Controller->expects($this->once())
 			->method('redirect')
 			->with($this->equalTo($expected));
 
-		$this->Auth->Session->expects($this->once())
-			->method('setFlash');
+		$this->Auth->session->expects($this->once())
+			->method('flash');
 
 		$event = new Event('Controller.startup', $Controller);
 		$this->Auth->startup($event);
@@ -922,7 +927,8 @@ class AuthComponentTest extends TestCase {
 	public function testAjaxLogin() {
 		$this->Controller->request = new Request([
 			'url' => '/ajax_auth/add',
-			'environment' => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']
+			'environment' => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
+			'session' => new Session
 		]);
 		$this->Controller->request->params['action'] = 'add';
 
@@ -1141,17 +1147,13 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testFlashSettings() {
-		$this->Auth->Session = $this->getMock(
-			'Cake\Controller\Component\SessionComponent',
-			array(), array(), '', false
-		);
-		$this->Auth->Session->expects($this->once())
-			->method('setFlash')
-			->with('Auth failure', 'custom', array(1), 'auth-key');
+		$this->Auth->session = $this->getMock('Cake\Network\Session');
+		$this->Auth->session->expects($this->once())
+			->method('flash')
+			->with('Auth failure', 'error', array('key' => 'auth-key', 'element' => 'custom'));
 
 		$this->Auth->config('flash', [
-			'element' => 'custom',
-			'params' => array(1),
+			'params' => array('element' => 'custom'),
 			'key' => 'auth-key'
 		]);
 		$this->Auth->flash('Auth failure');
@@ -1299,14 +1301,10 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testStatelessAuthNoRedirect() {
-		if (Session::id()) {
-			session_destroy();
-			Session::$id = null;
-		}
 		$event = new Event('Controller.startup', $this->Controller);
-		$_SESSION = null;
+		$_SESSION = [];
 
-		AuthComponent::$sessionKey = false;
+		$this->sessionKey = false;
 		$this->Auth->config('authenticate', ['Basic']);
 		$this->Controller->request['action'] = 'admin_add';
 
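Review bot: `$this->sessionKey = false;` assigns to the test case object, not to the component, so this test no longer disables session storage on the AuthComponent under test. It should be `$this->Auth->sessionKey = false;`, matching the `$this->Auth->sessionKey = 'Auth.User';` line in `setUp()`. As written, the stateless scenario runs with the session key still set to `'Auth.User'`. The next hunk also deletes `testStatelessAuthNoSessionStart`, which looks like the only assertion that stateless authentication does not start a session, so a replacement check against the new Session object would be worth adding.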
@@ -1314,33 +1312,6 @@ class AuthComponentTest extends TestCase {
 	}
 
 /**
- * testStatelessAuthNoSessionStart method
- *
- * @return void
- */
-	public function testStatelessAuthNoSessionStart() {
-		if (Session::id()) {
-			session_destroy();
-			Session::$id = null;
-		}
-		$event = new Event('Controller.startup', $this->Controller);
-
-		AuthComponent::$sessionKey = false;
-		$this->Auth->config('authenticate', [
-			'Basic' => array('userModel' => 'AuthUsers')
-		]);
-		$this->Controller->request['action'] = 'admin_add';
-
-		$this->Controller->request->env('PHP_AUTH_USER', 'mariano');
-		$this->Controller->request->env('PHP_AUTH_PW', 'cake');
-
-		$result = $this->Auth->startup($event);
-		$this->assertNull($result);
-
-		$this->assertNull(Session::id());
-	}
-
-/**
  * testStatelessAuthRedirect method
  *
  * @return void

+ 0 - 4
tests/test_app/TestApp/Controller/Component/TestAuthComponent.php

@@ -43,8 +43,4 @@ class TestAuthComponent extends AuthComponent {
 		$this->_authorizeObjects[$index] = $object;
 	}
 
-	public static function clearUser() {
-		static::$_user = array();
-	}
-
 }