do login routine only once when done via LoginController
authorArthur Schiwon <blizzz@arthur-schiwon.de>
Wed, 30 Nov 2016 12:28:36 +0000 (13:28 +0100)
committerArthur Schiwon <blizzz@arthur-schiwon.de>
Thu, 6 Apr 2017 13:22:42 +0000 (15:22 +0200)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
core/Controller/LoginController.php
lib/private/User/Session.php
tests/Core/Controller/LoginControllerTest.php

index 09b0845d6784b1f6153437540037da44b649a279..68acbbd43fe335d6875a31e4c992d07e7aec15ae 100644 (file)
@@ -250,7 +250,7 @@ class LoginController extends Controller {
                }
                // TODO: remove password checks from above and let the user session handle failures
                // requires https://github.com/owncloud/core/pull/24616
-               $this->userSession->login($user, $password);
+               $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
                $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
 
                // User has successfully logged in, now remove the password reset link, when it is available
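Review bot: Calling `completeLogin()` directly bypasses everything `Session::login()` did before delegating, and `completeLogin()` as added in this commit only checks `isEnabled()` and sets user, login name and token. If `login()` regenerates the session id (its body is not visible here), the web login path no longer does so and loses its session-fixation protection; in that case add `$this->session->regenerateId();` at the top of `completeLogin()` or before this call. The return value is ignored and no handling of the `LoginException` that `completeLogin()` can throw is visible; the enclosing controller method starts and ends outside the hunk, so confirm the exception is caught there.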
index 73a8196cecd5947f9c0d4caa538e40805e79c9a9..05b24c8ccffc1fd9442d8f20c0c037d46cfe78dd 100644 (file)
@@ -41,6 +41,7 @@ use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
 use OC\Hooks\Emitter;
+use OC\Hooks\PublicEmitter;
 use OC_User;
 use OC_Util;
 use OCA\DAV\Connector\Sabre\Auth;
@@ -78,7 +79,7 @@ use Symfony\Component\EventDispatcher\GenericEvent;
  */
 class Session implements IUserSession, Emitter {
 
-       /** @var IUserManager $manager */
+       /** @var IUserManager|PublicEmitter $manager */
        private $manager;
 
        /** @var ISession $session */
@@ -156,7 +157,7 @@ class Session implements IUserSession, Emitter {
        /**
         * get the manager object
         *
-        * @return Manager
+        * @return Manager|PublicEmitter
         */
        public function getManager() {
                return $this->manager;
@@ -324,6 +325,41 @@ class Session implements IUserSession, Emitter {
                return $this->loginWithPassword($uid, $password);
        }
 
+       /**
+        * @param IUser $user
+        * @param array $loginDetails
+        * @return bool
+        * @throws LoginException
+        */
+       public function completeLogin(IUser $user, array $loginDetails) {
+               if (!$user->isEnabled()) {
+                       // disabled users can not log in
+                       // injecting l10n does not work - there is a circular dependency between session and \OCP\L10N\IFactory
+                       $message = \OC::$server->getL10N('lib')->t('User disabled');
+                       throw new LoginException($message);
+               }
+
+               $this->setUser($user);
+               $this->setLoginName($loginDetails['loginName']);
+
+               if(isset($loginDetails['token']) && $loginDetails['token'] instanceof IToken) {
+                       $this->setToken($loginDetails['token']->getId());
+                       \OC::$server->getLockdownManager()->setToken($loginDetails['token']);
+                       $firstTimeLogin = false;
+               } else {
+                       $this->setToken(null);
+                       $firstTimeLogin = $user->updateLastLoginTimestamp();
+               }
+               $this->manager->emit('\OC\User', 'postLogin', [$user, $loginDetails['password']]);
+               if($this->isLoggedIn()) {
+                       $this->prepareUserLogin($firstTimeLogin);
+                       return true;
+               } else {
+                       $message = \OC::$server->getL10N('lib')->t('Login canceled by app');
+                       throw new LoginException($message);
+               }
+       }
+
        /**
         * Tries to log in a client
         *
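Review bot: `completeLogin()` is public and establishes a logged-in session for whatever `IUser` it is handed without checking any credential, yet its docblock has no description. Add a summary stating that the caller must already have authenticated the user, and list the `$loginDetails` keys: `loginName`, `password`, and an optional `token` of type `IToken`. `$loginDetails['loginName']` is read without a check, so a caller that omits it gets a notice and a null login name; `if (!isset($loginDetails['loginName'])) { throw new \InvalidArgumentException('loginName missing'); }` would fail early. The token branch also reaches the lockdown manager through `\OC::$server->getLockdownManager()`, although the code it replaces used the injected `$this->lockdownManager`.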
@@ -498,25 +534,7 @@ class Session implements IUserSession, Emitter {
                        return false;
                }
 
-               if ($user->isEnabled()) {
-                       $this->setUser($user);
-                       $this->setLoginName($uid);
-                       $this->setToken(null);
-                       $firstTimeLogin = $user->updateLastLoginTimestamp();
-                       $this->manager->emit('\OC\User', 'postLogin', [$user, $password]);
-                       if ($this->isLoggedIn()) {
-                               $this->prepareUserLogin($firstTimeLogin);
-                               return true;
-                       } else {
-                               // injecting l10n does not work - there is a circular dependency between session and \OCP\L10N\IFactory
-                               $message = \OC::$server->getL10N('lib')->t('Login canceled by app');
-                               throw new LoginException($message);
-                       }
-               } else {
-                       // injecting l10n does not work - there is a circular dependency between session and \OCP\L10N\IFactory
-                       $message = \OC::$server->getL10N('lib')->t('User disabled');
-                       throw new LoginException($message);
-               }
+               return $this->completeLogin($user, ['loginName' => $uid, 'password' => $password]);
        }
 
        /**
@@ -547,29 +565,8 @@ class Session implements IUserSession, Emitter {
                        // user does not exist
                        return false;
                }
-               if (!$user->isEnabled()) {
-                       // disabled users can not log in
-                       // injecting l10n does not work - there is a circular dependency between session and \OCP\L10N\IFactory
-                       $message = \OC::$server->getL10N('lib')->t('User disabled');
-                       throw new LoginException($message);
-               }
-
-               //login
-               $this->setUser($user);
-               $this->setLoginName($dbToken->getLoginName());
-               $this->setToken($dbToken->getId());
-               $this->lockdownManager->setToken($dbToken);
-               $this->manager->emit('\OC\User', 'postLogin', array($user, $password));
-
-               if ($this->isLoggedIn()) {
-                       $this->prepareUserLogin(false); // token login cant be the first
-               } else {
-                       // injecting l10n does not work - there is a circular dependency between session and \OCP\L10N\IFactory
-                       $message = \OC::$server->getL10N('lib')->t('Login canceled by app');
-                       throw new LoginException($message);
-               }
 
-               return true;
+               return $this->completeLogin($user, ['loginName' => $uid, 'password' => $password, 'token' => $dbToken]);
        }
 
        /**
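Review bot: The token path now passes `'loginName' => $uid`, while the removed code called `setLoginName($dbToken->getLoginName())`. `$uid` is assigned above the hunk; if it holds the token's user id, sessions of users whose login name differs from their uid (for example e-mail or directory logins) will record the wrong login name after a token login. Keeping the previous value avoids the change: `return $this->completeLogin($user, ['loginName' => $dbToken->getLoginName(), 'password' => $password, 'token' => $dbToken]);`.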
index 51592c2c43ad748ce47ab6cb0ef3d3b2c216943c..aa6ebe493859be307efaa4d24358fc3d7d840669 100644 (file)
@@ -362,8 +362,8 @@ class LoginControllerTest extends TestCase {
                        ->method('checkPassword')
                        ->will($this->returnValue($user));
                $this->userSession->expects($this->once())
-                       ->method('login')
-                       ->with($loginName, $password);
+                       ->method('completeLogin')
+                       ->with($user, ['loginName' => $loginName, 'password' => $password]);
                $this->userSession->expects($this->once())
                        ->method('createSessionToken')
                        ->with($this->request, $user->getUID(), $loginName, $password, false);
@@ -422,8 +422,8 @@ class LoginControllerTest extends TestCase {
                        ->method('checkPassword')
                        ->will($this->returnValue($user));
                $this->userSession->expects($this->once())
-                       ->method('login')
-                       ->with($loginName, $password);
+                       ->method('completeLogin')
+                       ->with($user, ['loginName' => $loginName, 'password' => $password]);
                $this->userSession->expects($this->once())
                        ->method('createSessionToken')
                        ->with($this->request, $user->getUID(), $loginName, $password, true);
@@ -606,8 +606,8 @@ class LoginControllerTest extends TestCase {
                        ->method('checkPassword')
                        ->will($this->returnValue($user));
                $this->userSession->expects($this->once())
-                       ->method('login')
-                       ->with('john@doe.com', $password);
+                       ->method('completeLogin')
+                       ->with($user, ['loginName' => 'john@doe.com', 'password' => $password]);
                $this->userSession->expects($this->once())
                        ->method('createSessionToken')
                        ->with($this->request, $user->getUID(), 'john@doe.com', $password, false);
@@ -673,8 +673,8 @@ class LoginControllerTest extends TestCase {
                        ->method('checkPassword')
                        ->will($this->returnValue($user));
                $this->userSession->expects($this->once())
-                       ->method('login')
-                       ->with('john@doe.com', $password);
+                       ->method('completeLogin')
+                       ->with($user, ['loginName' => 'john@doe.com', 'password' => $password]);
                $this->userSession->expects($this->once())
                        ->method('createSessionToken')
                        ->with($this->request, $user->getUID(), 'john@doe.com', $password, false);