author | Lukas Reschke <lukas@statuscode.ch> | 2016-11-28 14:05:04 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-28 14:05:04 +0100 |
commit | 3950ce9223927c66eb9f3f9f82475a19af617ed4 (patch) | |
tree | f34752c08b8ace60b2cc9ef9d10f4f5d8b8d1c81 | |
parent | 0cc771ce19642126fb764e8dcbd21100e770f4b0 (diff) | |
parent | 6543182d13778eec9471e337727c8c432e565c4b (diff) | |
Merge pull request #2351 from nextcloud/remember-session-default
do not remember session tokens by default
-rw-r--r-- | lib/private/User/Session.php | 2 | ||||
-rw-r--r-- | tests/lib/User/SessionTest.php | 46 |
2 files changed, 44 insertions, 4 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index a45b1dcd10f..c3561cf64e3 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -558,7 +558,7 @@ class Session implements IUserSession, Emitter {
 try {
 $sessionId = $this->session->getId();
 $pwd = $this->getPassword($password);
- $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
+ $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember);
 return true;
 } catch (SessionNotAvailableException $ex) {
 // This can happen with OCC, where a memory session is used
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index ee9ed737cf5..78b673d10bd 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -767,7 +767,6 @@ class SessionTest extends \Test\TestCase {
 public function testCreateSessionToken() {
 $manager = $this->createMock(Manager::class);
 $session = $this->createMock(ISession::class);
- $token = $this->createMock(IToken::class);
 $user = $this->createMock(IUser::class);
 $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
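Review bot: `$remember` is forwarded to `generateToken()` unchecked on the changed line of lib/private/User/Session.php, and nothing in the hunk restricts it to the two `IToken` constants. Its declaration and default sit outside the hunk, but the new test in tests/lib/User/SessionTest.php calls `createSessionToken(..., true)` while expecting `IToken::REMEMBER`, so booleans evidently reach this call. Because this flag decides whether the session token is created as a remembered one, it should fail closed: normalise it before the `try`, for example `$remember = ($remember === true || $remember === IToken::REMEMBER) ? IToken::REMEMBER : IToken::DO_NOT_REMEMBER;`. The parameter's docblock should also list the accepted values and say that omitting the argument yields a token that is not remembered.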
@@ -801,11 +800,52 @@ class SessionTest extends \Test\TestCase {
 $this->tokenProvider->expects($this->once())
 ->method('generateToken')
- ->with($sessionId, $uid, $loginName, $password, 'Firefox');
+ ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
 $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
 }
+ public function testCreateRememberedSessionToken() {
+ $manager = $this->createMock(Manager::class);
+ $session = $this->createMock(ISession::class);
+ $user = $this->createMock(IUser::class);
+ $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
+
+ $random = $this->createMock(ISecureRandom::class);
+ $config = $this->createMock(IConfig::class);
+ $csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $request = new \OC\AppFramework\Http\Request([
+ 'server' => [
+ 'HTTP_USER_AGENT' => 'Firefox',
+ ]
+ ], $random, $config, $csrf);
+
+ $uid = 'user123';
+ $loginName = 'User123';
+ $password = 'passme';
+ $sessionId = 'abcxyz';
+
+ $manager->expects($this->once())
+ ->method('get')
+ ->with($uid)
+ ->will($this->returnValue($user));
+ $session->expects($this->once())
+ ->method('getId')
+ ->will($this->returnValue($sessionId));
+ $this->tokenProvider->expects($this->once())
+ ->method('getToken')
+ ->with($password)
+ ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
+
+ $this->tokenProvider->expects($this->once())
+ ->method('generateToken')
+ ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
+
+ $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password, true));
+ }
+
 public function testCreateSessionTokenWithTokenPassword() {
 $manager = $this->getMockBuilder('\OC\User\Manager')
->disableOriginalConstructor()
@@ -850,7 +890,7 @@ class SessionTest extends \Test\TestCase {
 $this->tokenProvider->expects($this->once())
 ->method('generateToken')
- ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox');
+ ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
 $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
 } |
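Review bot: `testCreateRememberedSessionToken` (hunk at -801,11) repeats the setup of `testCreateSessionToken` almost line for line, differing only in the fifth argument and the expected constant; a data provider feeding both cases into one test would keep the two paths from drifting apart. It also passes `true` where the expectation names `IToken::REMEMBER`, so it presumably passes only because the mock's argument matching is not type-strict. Calling with `IToken::REMEMBER`, or wrapping the expectation in `$this->identicalTo(IToken::REMEMBER)`, would pin the value actually handed to the token provider, and an explicit `false` case would cover the opt-out path that currently is only tested by omission. The hunk's trailing context belongs to `testCreateSessionTokenWithTokenPassword`, which continues outside it.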