authorLukas Reschke <lukas@statuscode.ch>2016-11-28 14:05:04 +0100
committerGitHub <noreply@github.com>2016-11-28 14:05:04 +0100
commit3950ce9223927c66eb9f3f9f82475a19af617ed4 (patch)
treef34752c08b8ace60b2cc9ef9d10f4f5d8b8d1c81
parent0cc771ce19642126fb764e8dcbd21100e770f4b0 (diff)
parent6543182d13778eec9471e337727c8c432e565c4b (diff)
Merge pull request #2351 from nextcloud/remember-session-default
do not remember session tokens by default
-rw-r--r--lib/private/User/Session.php2
-rw-r--r--tests/lib/User/SessionTest.php46
2 files changed, 44 insertions, 4 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index a45b1dcd10f..c3561cf64e3 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -558,7 +558,7 @@ class Session implements IUserSession, Emitter {
try {
$sessionId = $this->session->getId();
$pwd = $this->getPassword($password);
- $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
+ $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember);
return true;
} catch (SessionNotAvailableException $ex) {
// This can happen with OCC, where a memory session is used
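Review bot: `$remember` on the `generateToken()` line is forwarded unchanged, and its declaration and default are outside this hunk, so nothing visible here restricts it to the two `IToken` constants. The new test in tests/lib/User/SessionTest.php calls `createSessionToken()` with a boolean `true`, which suggests callers may pass a bool rather than a constant. Because this flag decides whether a session token is remembered, I would normalise it just before the call, for example `$remember = $remember ? IToken::REMEMBER : IToken::DO_NOT_REMEMBER;` (assuming `DO_NOT_REMEMBER` is the falsy value), or at least state the accepted values and the do-not-remember default in the method's docblock. The enclosing method starts and ends outside the hunk.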
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index ee9ed737cf5..78b673d10bd 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -767,7 +767,6 @@ class SessionTest extends \Test\TestCase {
public function testCreateSessionToken() {
$manager = $this->createMock(Manager::class);
$session = $this->createMock(ISession::class);
- $token = $this->createMock(IToken::class);
$user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
@@ -801,11 +800,52 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('generateToken')
- ->with($sessionId, $uid, $loginName, $password, 'Firefox');
+ ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
$this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
}
+ public function testCreateRememberedSessionToken() {
+ $manager = $this->createMock(Manager::class);
+ $session = $this->createMock(ISession::class);
+ $user = $this->createMock(IUser::class);
+ $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
+
+ $random = $this->createMock(ISecureRandom::class);
+ $config = $this->createMock(IConfig::class);
+ $csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $request = new \OC\AppFramework\Http\Request([
+ 'server' => [
+ 'HTTP_USER_AGENT' => 'Firefox',
+ ]
+ ], $random, $config, $csrf);
+
+ $uid = 'user123';
+ $loginName = 'User123';
+ $password = 'passme';
+ $sessionId = 'abcxyz';
+
+ $manager->expects($this->once())
+ ->method('get')
+ ->with($uid)
+ ->will($this->returnValue($user));
+ $session->expects($this->once())
+ ->method('getId')
+ ->will($this->returnValue($sessionId));
+ $this->tokenProvider->expects($this->once())
+ ->method('getToken')
+ ->with($password)
+ ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
+
+ $this->tokenProvider->expects($this->once())
+ ->method('generateToken')
+ ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
+
+ $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password, true));
+ }
+
public function testCreateSessionTokenWithTokenPassword() {
$manager = $this->getMockBuilder('\OC\User\Manager')
->disableOriginalConstructor()
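Review bot: `testCreateRememberedSessionToken` passes a bare `true` as the fifth argument to `createSessionToken()` while the `with()` expectation names `IToken::REMEMBER`. `with()` matches plain values by equality, not identity, so the test cannot tell whether the boolean or the constant reaches the token provider. I would call `$userSession->createSessionToken($request, $uid, $loginName, $password, IToken::REMEMBER)` and wrap the expected value as `$this->identicalTo(IToken::REMEMBER)`. The same applies to the `IToken::DO_NOT_REMEMBER` expectations in this hunk and in the last hunk, so a type drift in this security-relevant flag fails the test. The hunk ends inside `testCreateSessionTokenWithTokenPassword`, whose body continues outside it.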
@@ -850,7 +890,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('generateToken')
- ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox');
+ ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
$this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
}