diff options
| author | Christoph Wurst <christoph@owncloud.com> | 2016-05-17 10:07:58 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@owncloud.com> | 2016-05-23 10:32:16 +0200 |
| commit | c20cdc2213f99c6faa500e908b13fed8d0bbe5a1 (patch) | |
| tree | ea544026583faa49857b62442de70bad3042e386 | |
| parent | dec3f9ebcbdeacf5bc483df93900b157a1a5e546 (diff) | |
| download | nextcloud-server-c20cdc2213f99c6faa500e908b13fed8d0bbe5a1.tar.gz nextcloud-server-c20cdc2213f99c6faa500e908b13fed8d0bbe5a1.zip | |
invalidate user session if the user is disabled
| -rw-r--r-- | lib/private/User/Session.php | 7 | ||||
| -rw-r--r-- | tests/lib/User/SessionTest.php | 47 |
2 files changed, 51 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 7104f46fea2..138e17bba9b 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -206,7 +206,7 @@ class Session implements IUserSession, Emitter { return; } - // Check whether login credentials are still valid + // Check whether login credentials are still valid and the user was not disabled // This check is performed each 5 minutes $lastCheck = $this->session->get('last_login_check') ? : 0; $now = $this->timeFacory->getTime(); @@ -219,8 +219,9 @@ class Session implements IUserSession, Emitter { return; } - if ($this->manager->checkPassword($user->getUID(), $pwd) === false) { - // Password has changed -> log user out + if ($this->manager->checkPassword($user->getUID(), $pwd) === false + || !$user->isEnabled()) { + // Password has changed or user was disabled -> log user out $this->logout(); return; } diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index 4438487e2a0..140c4321c51 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -509,4 +509,51 @@ class SessionTest extends \Test\TestCase { $this->assertFalse($userSession->tryTokenLogin($request)); } + public function testValidateSessionDisabledUser() { + $userManager = $this->getMock('\OCP\IUserManager'); + $session = $this->getMock('\OCP\ISession'); + $timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory'); + $tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider'); + $userSession = $this->getMockBuilder('\OC\User\Session') + ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider]) + ->setMethods(['logout']) + ->getMock(); + + $user = $this->getMock('\OCP\IUser'); + $token = $this->getMock('\OC\Authentication\Token\IToken'); + + $session->expects($this->once()) + ->method('getId') + ->will($this->returnValue('sessionid')); + $tokenProvider->expects($this->once()) + ->method('getToken') + ->with('sessionid') + ->will($this->returnValue($token)); + $session->expects($this->once()) + ->method('get') + ->with('last_login_check') + ->will($this->returnValue(1000)); + $timeFactory->expects($this->once()) + ->method('getTime') + ->will($this->returnValue(5000)); + $tokenProvider->expects($this->once()) + ->method('getPassword') + ->with($token, 'sessionid') + ->will($this->returnValue('123456')); + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('user5')); + $userManager->expects($this->once()) + ->method('checkPassword') + ->with('user5', '123456') + ->will($this->returnValue(true)); + $user->expects($this->once()) + ->method('isEnabled') + ->will($this->returnValue(false)); + $userSession->expects($this->once()) + ->method('logout'); + + $this->invokePrivate($userSession, 'validateSession', [$user]); + } + } |