do not remember session tokens by default
authorChristoph Wurst <christoph@winzerhof-wurst.at>
Sun, 27 Nov 2016 12:59:46 +0000 (13:59 +0100)
committerChristoph Wurst <christoph@winzerhof-wurst.at>
Sun, 27 Nov 2016 13:03:28 +0000 (14:03 +0100)
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
lib/private/User/Session.php
tests/lib/User/SessionTest.php

index a45b1dcd10f259c8f8486da6f1a9b9aeb279f10e..c3561cf64e32a2e440adae88459fd17a35e4cb81 100644 (file)
@@ -558,7 +558,7 @@ class Session implements IUserSession, Emitter {
                try {
                        $sessionId = $this->session->getId();
                        $pwd = $this->getPassword($password);
-                       $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
+                       $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember);
                        return true;
                } catch (SessionNotAvailableException $ex) {
                        // This can happen with OCC, where a memory session is used
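Review bot: `$remember` is now forwarded to `generateToken()` unchanged on the modified line, and nothing visible in this hunk restricts it to the two `IToken` remember constants. The new test in tests/lib/User/SessionTest.php calls `createSessionToken(..., true)` while expecting `IToken::REMEMBER`, so callers apparently may pass a bool, and the mock presumably matches only through loose equality. Because this value decides whether a session token outlives the browser session, I would fail closed before the call with `if ($remember !== IToken::REMEMBER) { $remember = IToken::DO_NOT_REMEMBER; }` and have callers pass the constant. The method signature is outside the hunk, so please confirm the parameter default is `IToken::DO_NOT_REMEMBER` and add a `@param int $remember` line to the docblock naming the two accepted constants.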
index ee9ed737cf5551dd27b40c98f41d3c12149605b0..33e19bef70d6a05173c1b9a447a983df1bbb4882 100644 (file)
@@ -767,7 +767,6 @@ class SessionTest extends \Test\TestCase {
        public function testCreateSessionToken() {
                $manager = $this->createMock(Manager::class);
                $session = $this->createMock(ISession::class);
-               $token = $this->createMock(IToken::class);
                $user = $this->createMock(IUser::class);
                $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
 
@@ -801,11 +800,52 @@ class SessionTest extends \Test\TestCase {
 
                $this->tokenProvider->expects($this->once())
                        ->method('generateToken')
-                       ->with($sessionId, $uid, $loginName, $password, 'Firefox');
+                       ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::DO_NOT_REMEMBER, IToken::TEMPORARY_TOKEN);
 
                $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
        }
 
+       public function testCreateRememberedSessionToken() {
+               $manager = $this->createMock(Manager::class);
+               $session = $this->createMock(ISession::class);
+               $user = $this->createMock(IUser::class);
+               $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
+
+               $random = $this->createMock(ISecureRandom::class);
+               $config = $this->createMock(IConfig::class);
+               $csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
+                       ->disableOriginalConstructor()
+                       ->getMock();
+               $request = new \OC\AppFramework\Http\Request([
+                       'server' => [
+                               'HTTP_USER_AGENT' => 'Firefox',
+                       ]
+               ], $random, $config, $csrf);
+
+               $uid = 'user123';
+               $loginName = 'User123';
+               $password = 'passme';
+               $sessionId = 'abcxyz';
+
+               $manager->expects($this->once())
+                       ->method('get')
+                       ->with($uid)
+                       ->will($this->returnValue($user));
+               $session->expects($this->once())
+                       ->method('getId')
+                       ->will($this->returnValue($sessionId));
+               $this->tokenProvider->expects($this->once())
+                       ->method('getToken')
+                       ->with($password)
+                       ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
+
+               $this->tokenProvider->expects($this->once())
+                       ->method('generateToken')
+                       ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
+
+               $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password, true));
+       }
+
        public function testCreateSessionTokenWithTokenPassword() {
                $manager = $this->getMockBuilder('\OC\User\Manager')
                        ->disableOriginalConstructor()
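Review bot: The updated expectation in `testCreateSessionToken` has the last two arguments in the wrong order: it lists `IToken::DO_NOT_REMEMBER, IToken::TEMPORARY_TOKEN`, whereas the call in Session.php and the other two expectations in this file pass the token type first and the remember flag second. The test presumably still passes only because the two constants share a value, so it would not catch a regression in either argument. The line should read `->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);`. The body of `testCreateSessionToken` begins outside this hunk.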
@@ -850,7 +890,7 @@ class SessionTest extends \Test\TestCase {
 
                $this->tokenProvider->expects($this->once())
                        ->method('generateToken')
-                       ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox');
+                       ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
 
                $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
        }