Browse Source
Honor remember_login_cookie_lifetime
If the remember_login_cookie_lifetime is set to 0 this means we do not want to use remember me at all. In that case we should also not creatae a remember me cookie and should create a proper temp token. Further this specifies that is not 0 the remember me time should always be larger than the session timeout. Because else the behavior is not really defined. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v16.0.0alpha1
Roeland Jago Douma
5 years ago
3 changed files with 34 additions and 3 deletions
+ 2
- 2
config/config.sample.php
View File
| @@ -225,8 +225,8 @@ $CONFIG = array( | |||
| 'allow_user_to_change_display_name' => true, | |||
| /** | |||
| * Lifetime of the remember login cookie, which is set when the user clicks | |||
| * the ``remember`` checkbox on the login screen. | |||
| * Lifetime of the remember login cookie. This should be larger than the | |||
| * session_lifetime. If it is set to 0 remember me is disabled. | |||
| * | |||
| * Defaults to ``60*60*24*15`` seconds (15 days) | |||
| */ | |||
+ 8
- 1
core/Controller/LoginController.php
View File
| @@ -329,7 +329,14 @@ class LoginController extends Controller { | |||
| // TODO: remove password checks from above and let the user session handle failures | |||
| // requires https://github.com/owncloud/core/pull/24616 | |||
| $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]); | |||
| $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER); | |||
| $tokenType = IToken::REMEMBER; | |||
| if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) === 0) { | |||
| $remember_login = false; | |||
| $tokenType = IToken::DO_NOT_REMEMBER; | |||
| } | |||
| $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $tokenType); | |||
| $this->userSession->updateTokens($loginResult->getUID(), $password); | |||
| // User has successfully logged in, now remove the password reset link, when it is available | |||
+ 24
- 0
tests/Core/Controller/LoginControllerTest.php
View File
| @@ -449,6 +449,10 @@ class LoginControllerTest extends TestCase { | |||
| $this->config->expects($this->once()) | |||
| ->method('setUserValue') | |||
| ->with('uid', 'core', 'timezone', 'Europe/Berlin'); | |||
| $this->config | |||
| ->method('getSystemValue') | |||
| ->with('remember_login_cookie_lifetime') | |||
| ->willReturn(1234); | |||
| $this->userSession->expects($this->never()) | |||
| ->method('createRememberMeToken'); | |||
| @@ -493,6 +497,10 @@ class LoginControllerTest extends TestCase { | |||
| $this->config->expects($this->once()) | |||
| ->method('deleteUserValue') | |||
| ->with('uid', 'core', 'lostpassword'); | |||
| $this->config | |||
| ->method('getSystemValue') | |||
| ->with('remember_login_cookie_lifetime') | |||
| ->willReturn(1234); | |||
| $this->userSession->expects($this->once()) | |||
| ->method('createRememberMeToken') | |||
| ->with($user); | |||
| @@ -553,6 +561,10 @@ class LoginControllerTest extends TestCase { | |||
| ->method('deleteUserValue'); | |||
| $this->userSession->expects($this->never()) | |||
| ->method('createRememberMeToken'); | |||
| $this->config | |||
| ->method('getSystemValue') | |||
| ->with('remember_login_cookie_lifetime') | |||
| ->willReturn(1234); | |||
| $expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl); | |||
| $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl)); | |||
| @@ -590,6 +602,10 @@ class LoginControllerTest extends TestCase { | |||
| $this->config->expects($this->once()) | |||
| ->method('deleteUserValue') | |||
| ->with('jane', 'core', 'lostpassword'); | |||
| $this->config | |||
| ->method('getSystemValue') | |||
| ->with('remember_login_cookie_lifetime') | |||
| ->willReturn(1234); | |||
| $expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl)); | |||
| $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl)); | |||
| @@ -642,6 +658,10 @@ class LoginControllerTest extends TestCase { | |||
| $this->config->expects($this->once()) | |||
| ->method('deleteUserValue') | |||
| ->with('john', 'core', 'lostpassword'); | |||
| $this->config | |||
| ->method('getSystemValue') | |||
| ->with('remember_login_cookie_lifetime') | |||
| ->willReturn(1234); | |||
| $this->userSession->expects($this->never()) | |||
| ->method('createRememberMeToken'); | |||
| @@ -694,6 +714,10 @@ class LoginControllerTest extends TestCase { | |||
| $this->config->expects($this->once()) | |||
| ->method('deleteUserValue') | |||
| ->with('john', 'core', 'lostpassword'); | |||
| $this->config | |||
| ->method('getSystemValue') | |||
| ->with('remember_login_cookie_lifetime') | |||
| ->willReturn(1234); | |||
| $this->userSession->expects($this->never()) | |||
| ->method('createRememberMeToken'); | |||
Loading…