Merged in bugfix/PMCORE-1952 (pull request #7439)

PMCORE-1952 Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com> Approved-by: Paula Quispe <paula.quispe@processmaker.com>
2020-07-31 18:43:33 +00:00
parent 08bb8bbd14 554b5bb33d
commit 0956583958
2 changed files with 41 additions and 0 deletions
--- a/tests/unit/workflow/engine/classes/PmDynaformTest.php
+++ b/tests/unit/workflow/engine/classes/PmDynaformTest.php
@@ -1182,6 +1182,36 @@ class PmDynaformTest extends TestCase
        $this->assertObjectHasAttribute('id', $result);
        $this->assertEquals($result->id, 'stateDropdown');
    }
+
+    /**
+     * This check that the method getCredentials is destroying correctly the session variable "USER_LOGGED" for
+     * not authenticated users
+     * @test
+     * @covers PmDynaform::getCredentials()
+     */
+    public function it_should_test_get_credentials_destroy_user_logged_if_not_authenticated_user()
+    {
+        // Set the request URI, this is required by the method "getCredentials"
+        $_SERVER['REQUEST_URI'] = '/sysworkflow/en/neoclassic/tracker/tracker_Show';
+
+        // Destroy variable for "USER_LOGGED" if exists
+        unset($_SESSION['USER_LOGGED']);
+
+        // Create a new instance of the class for the first time
+        $pmDynaform = new PmDynaform();
+
+        // Call method "getCredentials"
+        $pmDynaform->getCredentials();
+
+        // Session variable for "USER_LOGGED" should be empty
+        $this->assertTrue(empty($_SESSION['USER_LOGGED']));
+
+        // Create a new instance of the class for the second time
+        $pmDynaform = new PmDynaform();
+
+        // Session variable for "USER_LOGGED" should be empty
+        $this->assertTrue(empty($_SESSION['USER_LOGGED']));
+    }
 }

 // Dummy function used for the coverture
--- a/workflow/engine/classes/PmDynaform.php
+++ b/workflow/engine/classes/PmDynaform.php
@@ -229,6 +229,10 @@ class PmDynaform
            $flagTrackerUser = true;
        }
        if ($this->credentials != null) {
+            // Destroy variable "USER_LOGGED" in session if is a not authenticated user
+            if ($flagTrackerUser) {
+                unset($_SESSION["USER_LOGGED"]);
+            }
            return $this->credentials;
        }
        if (isset($_SESSION["PMDYNAFORM_CREDENTIALS"]) && isset($_SESSION["PMDYNAFORM_CREDENTIALS_EXPIRES"])) {
@@ -236,6 +240,12 @@ class PmDynaform
            $time2 = strtotime($_SESSION["PMDYNAFORM_CREDENTIALS_EXPIRES"]);
            if ($time1 < $time2) {
                $this->credentials = $_SESSION["PMDYNAFORM_CREDENTIALS"];
+
+                // Destroy variable "USER_LOGGED" in session if is a not authenticated user
+                if ($flagTrackerUser) {
+                    unset($_SESSION["USER_LOGGED"]);
+                }
+
                return $this->credentials;
            }
        }
@@ -250,6 +260,7 @@ class PmDynaform
            "clientSecret" => $a["client_secret"]
        );

+        // Destroy variable "USER_LOGGED" in session if is a not authenticated user
        if ($flagTrackerUser) {
            unset($_SESSION["USER_LOGGED"]);
        }