From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Mon, 5 Dec 2016 19:57:15 +0000 (+0100)
Subject: Set last-login-check on basic auth
X-Git-Tag: v11.0RC2~34^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e368a745aa5f9eb53327b2875d9fade8b4e8398b;p=nextcloud-server.git

Set last-login-check on basic auth

Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.

* Started with tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index c3561cf64e3..dcda825b9db 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -423,6 +423,7 @@ class Session implements IUserSession, Emitter {
 	 *
 	 * @todo do not allow basic auth if the user is 2FA enforced
 	 * @param IRequest $request
+	 * @param OC\Security\Bruteforce\Throttler $throttler
 	 * @return boolean if the login was successful
 	 */
 	public function tryBasicAuthLogin(IRequest $request,
@@ -440,6 +441,10 @@ class Session implements IUserSession, Emitter {
 					$this->session->set(
 						Auth::DAV_AUTHENTICATED, $this->getUser()->getUID()
 					);
+
+					// Set the last-password-confirm session to make the sudo mode work
+					 $this->session->set('last-password-confirm', $this->timeFacory->getTime());
+
 					return true;
 				}
 			} catch (PasswordLoginForbiddenException $ex) {
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 78b673d10bd..27cb92d6732 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -8,6 +8,7 @@
 
 namespace Test\User;
 
+use OC\AppFramework\Http\Request;
 use OC\Authentication\Token\DefaultTokenMapper;
 use OC\Authentication\Token\DefaultTokenProvider;
 use OC\Authentication\Token\IProvider;
@@ -17,6 +18,7 @@ use OC\Session\Memory;
 use OC\User\Manager;
 use OC\User\Session;
 use OC\User\User;
+use OCA\DAV\Connector\Sabre\Auth;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IConfig;
 use OCP\ILogger;
@@ -1219,4 +1221,103 @@ class SessionTest extends \Test\TestCase {
 
 		$this->userSession->createRememberMeToken($user);
 	}
+
+	public function testTryBasicAuthLoginValid() {
+		$request = $this->createMock(Request::class);
+		$request->method('__get')
+			->willReturn([
+				'PHP_AUTH_USER' => 'username',
+				'PHP_AUTH_PW' => 'password',
+			]);
+		$request->method('__isset')
+			->with('server')
+			->willReturn(true);
+
+		$davAuthenticatedSet = false;
+		$lastPasswordConfirmSet = false;
+
+		$this->session
+			->method('set')
+			->will($this->returnCallback(function($k, $v) use (&$davAuthenticatedSet, &$lastPasswordConfirmSet) {
+				switch ($k) {
+					case Auth::DAV_AUTHENTICATED:
+						$davAuthenticatedSet = $v;
+						return;
+					case 'last-password-confirm':
+						$lastPasswordConfirmSet = 1000;
+						return;
+					default:
+						throw new \Exception();
+				}
+			}));
+
+		$userSession = $this->getMockBuilder(Session::class)
+			->setConstructorArgs([
+				$this->manager,
+				$this->session,
+				$this->timeFactory,
+				$this->tokenProvider,
+				$this->config,
+				$this->random,
+			])
+			->setMethods([
+				'logClientIn',
+				'getUser',
+			])
+			->getMock();
+
+		/** @var Session|\PHPUnit_Framework_MockObject_MockObject */
+		$userSession->expects($this->once())
+			->method('logClientIn')
+			->with(
+				$this->equalTo('username'),
+				$this->equalTo('password'),
+				$this->equalTo($request),
+				$this->equalTo($this->throttler)
+			)->willReturn(true);
+
+		$user = $this->createMock(IUser::class);
+		$user->method('getUID')->willReturn('username');
+
+		$userSession->expects($this->once())
+			->method('getUser')
+			->willReturn($user);
+
+		$this->assertTrue($userSession->tryBasicAuthLogin($request, $this->throttler));
+
+		$this->assertSame('username', $davAuthenticatedSet);
+		$this->assertSame(1000, $lastPasswordConfirmSet);
+	}
+
+	public function testTryBasicAuthLoginNoLogin() {
+		$request = $this->createMock(Request::class);
+		$request->method('__get')
+			->willReturn([]);
+		$request->method('__isset')
+			->with('server')
+			->willReturn(true);
+
+		$this->session->expects($this->never())
+			->method($this->anything());
+
+		$userSession = $this->getMockBuilder(Session::class)
+			->setConstructorArgs([
+				$this->manager,
+				$this->session,
+				$this->timeFactory,
+				$this->tokenProvider,
+				$this->config,
+				$this->random,
+			])
+			->setMethods([
+				'logClientIn',
+			])
+			->getMock();
+
+		/** @var Session|\PHPUnit_Framework_MockObject_MockObject */
+		$userSession->expects($this->never())
+			->method('logClientIn');
+
+		$this->assertFalse($userSession->tryBasicAuthLogin($request, $this->throttler));
+	}
 }