NFS-616: adds helper to create compatible session ids

- adds method to replace not allowed characters with -
- adds tests for the session creation

Author: Ninerian

phpunit.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit colors="true" bootstrap="vendor/autoload.php">
+<phpunit colors="true" bootstrap="vendor/autoload.php" stderr="true" >
 	<testsuites>
 		<testsuite name="Plugins SDK unit test suite">
 			<file>test/SSODataTest.php</file>

src/PluginSession.php

@@ -149,6 +149,12 @@ private function deleteInstance($remoteCallHandler){
         $this->exitRemoteCall();
     }
 
+    private function createCompatibleSessionId(String $string): String
+    {
+        $allowedChars = '/[^a-zA-Z0-9,-]/';
+        return preg_replace($allowedChars, '-', $string);
+    }
+
 	/**
 	 * Exit the script
 	 *
@@ -166,9 +172,11 @@ protected function exitRemoteCall() {
      */
 	protected function openSession($name) {
 
+	    $sessionId = $this->createCompatibleSessionId($this->sso->getSessionId());
+
+	    session_id($sessionId);
 		session_name($name);
 		session_start();
-
 	}
 
 	/**
@@ -183,7 +191,7 @@ protected function closeSession() {
 	 * (DEPRECATED) Translate a base64 string to PEM encoded public key.
 	 *
 	 * @param string $data base64 encoded key
-	 *
+	 * @deprecated
 	 * @return string PEM encoded key
 	 */
 	public static function base64ToPEMPublicKey($data) {

test/PluginSessionTest.php

@@ -63,8 +63,11 @@ private function setupEnvironment($queryParamPid = null, $queryParamJwt = null,
 		$_GET[PluginSession::QUERY_PARAM_PID] = $queryParamPid;
 		$_GET[PluginSession::QUERY_PARAM_JWT] = $queryParamJwt;
 
-		if($clearSession)
-			$_SESSION = [];
+		if($clearSession) {
+		    session_write_close();
+            session_abort();
+            $_SESSION = [];
+        }
 	}
 
 	/**
@@ -416,4 +419,54 @@ public function testDeleteFailedCallInterface() {
 		new $Session($this->pluginId, $this->publicKey, null, 0, $handler);
 	}
 
+    /**
+     * @test
+     *
+     * Test that a session is created.
+     *
+     * @covers \Staffbase\plugins\sdk\PluginSession::__construct
+     */
+	public function testSessionIsCreated() {
+        $tokenData = $this->tokenData;
+		$this->setupEnvironment(null, $this->token, true);
+
+		$mock = $this->getMockBuilder($this->classname)
+			->disableOriginalConstructor()
+			->getMock();
+
+		$reflectedClass = new ReflectionClass($this->classname);
+		$constructor = $reflectedClass->getConstructor();
+
+		$this->assertEquals(PHP_SESSION_NONE, session_status());
+        $constructor->invoke($mock, $this->pluginId, $this->publicKey);
+        $this->assertEquals(PHP_SESSION_ACTIVE, session_status());
+
+        $this->assertEquals($tokenData[PluginSession::CLAIM_SESSION_ID], session_id());
+    }
+
+    public function testSessionIdCheck() {
+
+	    $sessionHash = 'HOjLTR6+D5YIY0/waqJQp3Bg=';
+	    $sessionId = 'HOjLTR6-D5YIY0-waqJQp3Bg-';
+
+        $tokenData = $this->tokenData;
+        $tokenData[PluginSession::CLAIM_SESSION_ID] = $sessionHash;
+        $token = SSOTokenTest::createSignedTokenFromData($this->privateKey, $tokenData);
+
+        $this->setupEnvironment(null, $token, true);
+
+        $mock = $this->getMockBuilder($this->classname)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $reflectedClass = new ReflectionClass($this->classname);
+        $constructor = $reflectedClass->getConstructor();
+
+        $this->assertEquals(PHP_SESSION_NONE, session_status());
+        $constructor->invoke($mock, $this->pluginId, $this->publicKey);
+        $this->assertEquals(PHP_SESSION_ACTIVE, session_status());
+
+        $this->assertEquals($sessionId, session_id());
+    }
+
 }