Remove "password reset token" after successful login
authorJoas Schilling <coding@schilljs.com>
Tue, 23 Aug 2016 10:54:45 +0000 (12:54 +0200)
committerJoas Schilling <coding@schilljs.com>
Tue, 23 Aug 2016 10:54:45 +0000 (12:54 +0200)
core/Controller/LoginController.php
tests/Core/Controller/LoginControllerTest.php

index dbc1f3157fd79dcbd11064373e3ec7195dd8907d..56b63155939b958d9ffe73de8d5f6de2548e5e35 100644 (file)
@@ -237,6 +237,9 @@ class LoginController extends Controller {
                $this->userSession->login($user, $password);
                $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
 
+               // User has successfully logged in, now remove the password reset link, when it is available
+               $this->config->deleteUserValue($loginResult->getUID(), 'owncloud', 'lostpassword');
+
                if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
                        $this->twoFactorManager->prepareTwoFactorLogin($loginResult);
                        if (!is_null($redirect_url)) {
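Review bot: The added `deleteUserValue($loginResult->getUID(), 'owncloud', 'lostpassword')` call runs right after the password step and before the `isTwoFactorAuthenticated` branch below it, so the reset token is dropped even when the second factor is still outstanding. The two-factor test hunk (`->with('john', 'owncloud', 'lostpassword')`) pins that ordering. If this is intended, the comment should say so, e.g. `// Password was verified: invalidate any pending reset token now, even if a second factor is still outstanding`. The cleanup also lives only on this controller path, so logins that do not go through `tryLogin` would presumably leave the token valid. That cannot be confirmed from this hunk, and the enclosing method starts and ends outside it.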
index 8eaa7c9843b652f6ce123ace98b0f4c09a440cbf..7fcc8222bc34b92d0a4e1621818ad1723ce61042 100644 (file)
@@ -322,6 +322,8 @@ class LoginControllerTest extends TestCase {
 
                $this->userSession->expects($this->never())
                        ->method('createSessionToken');
+               $this->config->expects($this->never())
+                       ->method('deleteUserValue');
 
                $expected = new \OCP\AppFramework\Http\RedirectResponse($loginPageUrl);
                $this->assertEquals($expected, $this->loginController->tryLogin($user, $password, ''));
@@ -330,6 +332,9 @@ class LoginControllerTest extends TestCase {
        public function testLoginWithValidCredentials() {
                /** @var IUser | \PHPUnit_Framework_MockObject_MockObject $user */
                $user = $this->getMockBuilder('\OCP\IUser')->getMock();
+               $user->expects($this->any())
+                       ->method('getUID')
+                       ->will($this->returnValue('uid'));
                $password = 'secret';
                $indexPageUrl = \OC_Util::getDefaultPageUrl();
 
@@ -363,6 +368,9 @@ class LoginControllerTest extends TestCase {
                        ->method('isTwoFactorAuthenticated')
                        ->with($user)
                        ->will($this->returnValue(false));
+               $this->config->expects($this->once())
+                       ->method('deleteUserValue')
+                       ->with('uid', 'owncloud', 'lostpassword');
 
                $expected = new \OCP\AppFramework\Http\RedirectResponse($indexPageUrl);
                $this->assertEquals($expected, $this->loginController->tryLogin($user, $password, null));
@@ -398,6 +406,8 @@ class LoginControllerTest extends TestCase {
                        ->method('isLoggedIn')
                        ->with()
                        ->will($this->returnValue(false));
+               $this->config->expects($this->never())
+                       ->method('deleteUserValue');
 
                $expected = new \OCP\AppFramework\Http\RedirectResponse(\OC_Util::getDefaultPageUrl());
                $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -438,6 +448,8 @@ class LoginControllerTest extends TestCase {
                        ->method('getAbsoluteURL')
                        ->with(urldecode($originalUrl))
                        ->will($this->returnValue($redirectUrl));
+               $this->config->expects($this->never())
+                       ->method('deleteUserValue');
 
                $expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
                $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -485,6 +497,9 @@ class LoginControllerTest extends TestCase {
                        ->method('getAbsoluteURL')
                        ->with(urldecode($originalUrl))
                        ->will($this->returnValue($redirectUrl));
+               $this->config->expects($this->once())
+                       ->method('deleteUserValue')
+                       ->with('jane', 'owncloud', 'lostpassword');
 
                $expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));
                $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -536,6 +551,9 @@ class LoginControllerTest extends TestCase {
                        ->method('linkToRoute')
                        ->with('core.TwoFactorChallenge.selectChallenge')
                        ->will($this->returnValue($challengeUrl));
+               $this->config->expects($this->once())
+                       ->method('deleteUserValue')
+                       ->with('john', 'owncloud', 'lostpassword');
 
                $expected = new RedirectResponse($challengeUrl);
                $this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', $password, null));
@@ -586,6 +604,8 @@ class LoginControllerTest extends TestCase {
                        ->expects($this->once())
                        ->method('registerAttempt')
                        ->with('login', '192.168.0.1', ['user' => 'john@doe.com']);
+               $this->config->expects($this->never())
+                       ->method('deleteUserValue');
 
                $expected = new RedirectResponse('');
                $this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', 'just wrong', null));