Added tests

framework/CHANGELOG.md

@@ -54,6 +54,7 @@ Yii Framework 2 Change Log
 - Enh #7823: Added `yii\filters\AjaxFilter` filter (dmirogin)
 - Enh #14363: Added `yii\widgets\LinkPager::$linkContainerOptions` and possibility to override tag in `yii\widgets\LinkPager::$options` (dmirogin)
 - Bug #14202: Fixed current time in (UTC) `\Yii::$app->formatter` if time not set (bscheshirwork)
+- Bug #11825: User can login by cookie only once when `autoRenewCookie` is set to false (shirase, silverfire)
 
 
 2.0.12 June 05, 2017

framework/web/User.php

@@ -609,7 +609,7 @@ class User extends Component
         }
 
         /* Ensure any existing identity cookies are removed. */
-        if ($this->enableAutoLogin && ($this->autoRenewCookie || !$identity)) {
+        if ($this->enableAutoLogin && ($this->autoRenewCookie || $identity === null)) {
             $this->removeIdentityCookie();
         }
 
@@ -628,7 +628,7 @@ class User extends Component
             if ($this->absoluteAuthTimeout !== null) {
                 $session->set($this->absoluteAuthTimeoutParam, time() + $this->absoluteAuthTimeout);
             }
-            if ($duration > 0 && $this->enableAutoLogin) {
+            if ($this->enableAutoLogin && $duration > 0) {
                 $this->sendIdentityCookie($identity, $duration);
             }
         }

tests/TestCase.php

@@ -131,7 +131,7 @@ abstract class TestCase extends \PHPUnit\Framework\TestCase
      */
     protected function invokeMethod($object, $method, $args = [], $revoke = true)
     {
-        $reflection = new \ReflectionClass($object->className());
+        $reflection = new \ReflectionObject($object);
         $method = $reflection->getMethod($method);
         $method->setAccessible(true);
         $result = $method->invokeArgs($object, $args);

tests/framework/web/UserTest.php

@@ -97,6 +97,61 @@ class UserTest extends TestCase
         $this->assertFalse(Yii::$app->user->can('doSomething'));
     }
 
+    /**
+     * Make sure autologin works more than once
+     * @see https://github.com/yiisoft/yii2/issues/11825
+     */
+    public function testIssue11825()
+    {
+        global $cookiesMock;
+        $cookiesMock = new CookieCollection();
+
+        $appConfig = [
+            'components' => [
+                'user' => [
+                    'identityClass' => UserIdentity::className(),
+                    'authTimeout' => 10,
+                    'enableAutoLogin' => true,
+                    'autoRenewCookie' => false,
+                ],
+                'response' => [
+                    'class' => MockResponse::className(),
+                ],
+                'request' => [
+                    'class' => MockRequest::className(),
+                ],
+            ],
+        ];
+        $this->mockWebApplication($appConfig);
+
+        Yii::$app->session->removeAll();
+        static::$time = \time();
+        Yii::$app->user->login(UserIdentity::findIdentity('user1'), 20);
+
+        // User is logged in
+        $this->mockWebApplication($appConfig);
+        $this->assertFalse(Yii::$app->user->isGuest);
+
+        // IdentityCookie is valid
+        Yii::$app->session->removeAll();
+        static::$time += 5;
+        $this->mockWebApplication($appConfig);
+        $this->assertFalse(Yii::$app->user->isGuest);
+
+        // IdentityCookie is still valid
+        Yii::$app->session->removeAll();
+        static::$time += 10;
+        $this->mockWebApplication($appConfig);
+        $this->assertFalse(Yii::$app->user->isGuest);
+
+        // IdentityCookie is no longer valid (we remove it manually, but browser will do it automatically)
+        $this->invokeMethod(Yii::$app->user, 'removeIdentityCookie');
+        Yii::$app->session->removeAll();
+        static::$time += 25;
+        $this->mockWebApplication($appConfig);
+        $this->assertTrue(Yii::$app->user->isGuest);
+    }
+
     public function testCookieCleanup()
     {
         global $cookiesMock;