Only blacklist once (#1775)

* Don't reset blacklist expiration time * Allow calling get method when testing blacklist * fix and add new test
tymondesigns · Mar 14, 2019 · 63698d3 · 63698d3
1 parent 1ce697e
commit 63698d3
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/src/Blacklist.php b/src/Blacklist.php
@@ -71,6 +71,11 @@ public function add(Payload $payload)
             return $this->addForever($payload);
         }
 
+        // if we have already added this token to the blacklist
+        if (! empty($this->storage->get($this->getKey($payload)))) {
+            return true;
+        }
+
         $this->storage->add(
             $this->getKey($payload),
             ['valid_until' => $this->getGraceTimestamp()],

diff --git a/tests/BlacklistTest.php b/tests/BlacklistTest.php
@@ -70,6 +70,11 @@ public function it_should_add_a_valid_token_to_the_blacklist()
 
         $refreshTTL = 20161;
 
+        $this->storage->shouldReceive('get')
+            ->with('foo')
+            ->once()
+            ->andReturn([]);
+
         $this->storage->shouldReceive('add')
             ->with('foo', ['valid_until' => $this->testNowTimestamp], $refreshTTL + 1)
             ->once();
@@ -116,13 +121,49 @@ public function it_should_return_true_when_adding_an_expired_token_to_the_blackl
 
         $refreshTTL = 20161;
 
+        $this->storage->shouldReceive('get')
+            ->with('foo')
+            ->once()
+            ->andReturn([]);
+
         $this->storage->shouldReceive('add')
             ->with('foo', ['valid_until' => $this->testNowTimestamp], $refreshTTL + 1)
             ->once();
 
         $this->assertTrue($this->blacklist->setRefreshTTL($refreshTTL)->add($payload));
     }
 
+    /** @test */
+    public function it_should_return_true_early_when_adding_an_item_and_it_already_exists()
+    {
+        $claims = [
+            new Subject(1),
+            new Issuer('http://example.com'),
+            new Expiration($this->testNowTimestamp - 3600),
+            new NotBefore($this->testNowTimestamp),
+            new IssuedAt($this->testNowTimestamp),
+            new JwtId('foo'),
+        ];
+        $collection = Collection::make($claims);
+
+        $this->validator->shouldReceive('setRefreshFlow->check')->andReturn($collection);
+
+        $payload = new Payload($collection, $this->validator, true);
+
+        $refreshTTL = 20161;
+
+        $this->storage->shouldReceive('get')
+            ->with('foo')
+            ->once()
+            ->andReturn(['valid_until' => $this->testNowTimestamp]);
+
+        $this->storage->shouldReceive('add')
+            ->with('foo', ['valid_until' => $this->testNowTimestamp], $refreshTTL + 1)
+            ->never();
+
+        $this->assertTrue($this->blacklist->setRefreshTTL($refreshTTL)->add($payload));
+    }
+
     /** @test */
     public function it_should_check_whether_a_token_has_been_blacklisted()
     {