Optimization: no need to check session container when checking if the…

… token needs refresh * an empty or invalid token will produce an empty session container * an empty session container, if not changed, will not be refreshed * a valid token with an empty session will be left to expire anyway * a valid token with a non-empty session will be refreshed This also removes a mutation that caused our CI to fail: ``` 1) /home/ocramius/Documents/psr7-sessions/storageless/src/Storageless/Http/SessionMiddleware.php:215 [M] NotIdentical --- Original +++ New @@ @@ { $refreshTime = $this->clock->now()->sub(new DateInterval(sprintf('PT%sS', $this->refreshTime))); assert($refreshTime !== false); - return $token !== null && $token->hasBeenIssuedBefore($refreshTime); + return $token === null && $token->hasBeenIssuedBefore($refreshTime); } /** @throws BadMethodCallException */ private function getTokenCookie(SessionInterface $sessionContainer) : SetCookie [warning] Dashboard report has not been sent: The current process is not executed in a CI build Time: 9s. Memory: 0.10GB [ERROR] The minimum required MSI percentage should be 100%, but actual is 97.3%. Improve your tests! ```
psr7-sessions · Oct 31, 2022 · 7b0cb46 · 7b0cb46
1 parent fa90bbb
commit 7b0cb46
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 3 deletions.
diff --git a/src/Storageless/Http/SessionMiddleware.php b/src/Storageless/Http/SessionMiddleware.php
@@ -199,7 +199,7 @@ private function appendToken(SessionInterface $sessionContainer, Response $respo
             return FigResponseCookies::set($response, $this->getExpirationCookie());
         }
 
-        if ($sessionContainerChanged || ($this->shouldTokenBeRefreshed($token) && ! $sessionContainer->isEmpty())) {
+        if ($sessionContainerChanged || $this->shouldTokenBeRefreshed($token)) {
             return FigResponseCookies::set($response, $this->getTokenCookie($sessionContainer));
         }
 
@@ -208,12 +208,15 @@ private function appendToken(SessionInterface $sessionContainer, Response $respo
 
     private function shouldTokenBeRefreshed(Token|null $token): bool
     {
+        if ($token === null) {
+            return false;
+        }
+
         $refreshTime = $this->clock->now()->sub(new DateInterval(sprintf('PT%sS', $this->refreshTime)));
 
         assert($refreshTime !== false);
 
-        return $token !== null
-            && $token->hasBeenIssuedBefore($refreshTime);
+        return $token->hasBeenIssuedBefore($refreshTime);
     }
 
     /** @throws BadMethodCallException */

diff --git a/test/StoragelessTest/Http/SessionMiddlewareTest.php b/test/StoragelessTest/Http/SessionMiddlewareTest.php
@@ -367,6 +367,33 @@ public function testWillRefreshTokenWithIssuedAtExactlyAtTokenRefreshTimeThresho
         self::assertEquals($now, $token->claims()->get(RegisteredClaims::ISSUED_AT), 'Token was refreshed');
     }
 
+    public function testWillNotRefreshATokenForARequestWithNoGivenTokenAndNoSessionModification(): void
+    {
+        $key        = self::makeRandomSymmetricKey();
+        $middleware = new SessionMiddleware(
+            Configuration::forAsymmetricSigner(
+                new Sha256(),
+                $key,
+                $key,
+            ),
+            SetCookie::create(SessionMiddleware::DEFAULT_COOKIE),
+            1000,
+            new FrozenClock(new DateTimeImmutable()),
+            100,
+        );
+
+        self::assertNull(
+            $this
+                ->getCookie($middleware->process(
+                    (new ServerRequest())
+                        ->withCookieParams([SessionMiddleware::DEFAULT_COOKIE => 'invalid-token']),
+                    $this->fakeDelegate(static fn (): ResponseInterface => new Response()),
+                ))
+                ->getValue(),
+            'No session cookie was set, since session data was not changed, and the token was not valid',
+        );
+    }
+
     /**
      * @param callable(): SessionMiddleware $middlewareFactory
      *