aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristoph Wurst <christoph@winzerhof-wurst.at>2024-04-05 13:07:23 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2024-04-26 16:05:18 +0200
commit21ee7f59bd40e75982d162ddd76725369d6327a5 (patch)
tree9b2617be2df069c09c7d0c46b8e93662159e4590
parenta2fefbce9a6a8fd5dcda94f7697cd3a5b5a72787 (diff)
downloadnextcloud-server-21ee7f59bd40e75982d162ddd76725369d6327a5.tar.gz
nextcloud-server-21ee7f59bd40e75982d162ddd76725369d6327a5.zip
fix(session): Do not update authtoken last_check for passwordless
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-rw-r--r--lib/private/User/Session.php2
-rw-r--r--tests/lib/User/SessionTest.php78
2 files changed, 78 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 3f893eb9bae..d7187639949 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -767,8 +767,6 @@ class Session implements IUserSession, Emitter {
return false;
}
- $dbToken->setLastCheck($now);
- $this->tokenProvider->updateToken($dbToken);
return true;
}
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 50adda64afd..619f6b3b874 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -11,9 +11,11 @@ namespace Test\User;
use OC\AppFramework\Http\Request;
use OC\Authentication\Events\LoginFailed;
use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
+use OC\Authentication\Token\PublicKeyToken;
use OC\Security\CSRF\CsrfTokenManager;
use OC\Session\Memory;
use OC\User\LoginException;
@@ -35,6 +37,8 @@ use OCP\Security\ISecureRandom;
use OCP\User\Events\PostLoginEvent;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\Log\LoggerInterface;
+use function array_diff;
+use function get_class_methods;
/**
* @group DB
@@ -309,6 +313,80 @@ class SessionTest extends \Test\TestCase {
$userSession->login('foo', 'bar');
}
+ public function testPasswordlessLoginNoLastCheckUpdate(): void {
+ $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
+ $managerMethods = get_class_methods(Manager::class);
+ // Keep following methods intact in order to ensure hooks are working
+ $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
+ $manager = $this->getMockBuilder(Manager::class)
+ ->setMethods($mockedManagerMethods)
+ ->setConstructorArgs([
+ $this->config,
+ $this->createMock(ICacheFactory::class),
+ $this->createMock(IEventDispatcher::class),
+ ])
+ ->getMock();
+ $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
+
+ $session->expects($this->never())
+ ->method('set');
+ $session->expects($this->once())
+ ->method('regenerateId');
+ $token = new PublicKeyToken();
+ $token->setLoginName('foo');
+ $token->setLastCheck(0); // Never
+ $token->setUid('foo');
+ $this->tokenProvider
+ ->method('getPassword')
+ ->with($token)
+ ->willThrowException(new PasswordlessTokenException());
+ $this->tokenProvider
+ ->method('getToken')
+ ->with('app-password')
+ ->willReturn($token);
+ $this->tokenProvider->expects(self::never())
+ ->method('updateToken');
+
+ $userSession->login('foo', 'app-password');
+ }
+
+ public function testLoginLastCheckUpdate(): void {
+ $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
+ $managerMethods = get_class_methods(Manager::class);
+ // Keep following methods intact in order to ensure hooks are working
+ $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
+ $manager = $this->getMockBuilder(Manager::class)
+ ->setMethods($mockedManagerMethods)
+ ->setConstructorArgs([
+ $this->config,
+ $this->createMock(ICacheFactory::class),
+ $this->createMock(IEventDispatcher::class),
+ ])
+ ->getMock();
+ $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
+
+ $session->expects($this->never())
+ ->method('set');
+ $session->expects($this->once())
+ ->method('regenerateId');
+ $token = new PublicKeyToken();
+ $token->setLoginName('foo');
+ $token->setLastCheck(0); // Never
+ $token->setUid('foo');
+ $this->tokenProvider
+ ->method('getPassword')
+ ->with($token)
+ ->willReturn('secret');
+ $this->tokenProvider
+ ->method('getToken')
+ ->with('app-password')
+ ->willReturn($token);
+ $this->tokenProvider->expects(self::once())
+ ->method('updateToken');
+
+ $userSession->login('foo', 'app-password');
+ }
+
public function testLoginNonExisting() {
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
$manager = $this->createMock(Manager::class);