author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2019-01-24 18:32:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-24 18:32:43 +0100 |
commit | c7fd71ee7d25761187cfdbc06ebe6d2567b94190 (patch) | |
tree | 8abc626a5eb4c1098924975cbf3dcd6a1a39f759 | |
parent | 081f96b42032848f158ccd39001518309f701bd6 (diff) | |
parent | 38f01c136163aaa095c081f166b200dd1678ff6a (diff) | |
Merge pull request #13767 from nextcloud/backport/13747/stable14
[stable14] Honor remember_login_cookie_lifetime
-rw-r--r-- | config/config.sample.php | 4 | ||||
-rw-r--r-- | core/Controller/LoginController.php | 9 | ||||
-rw-r--r-- | tests/Core/Controller/LoginControllerTest.php | 24 |
3 files changed, 34 insertions, 3 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index f12c75d91ca..0dc8c0ca94d 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -225,8 +225,8 @@ $CONFIG = array(
 'allow_user_to_change_display_name' => true,
 /**
- * Lifetime of the remember login cookie, which is set when the user clicks
- * the ``remember`` checkbox on the login screen.
+ * Lifetime of the remember login cookie. This should be larger than the
+ * session_lifetime. If it is set to 0 remember me is disabled.
 *
 * Defaults to ``60*60*24*15`` seconds (15 days)
 */
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index c30206ff3d5..0eb4cda7b28 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -321,7 +321,14 @@ class LoginController extends Controller {
 // TODO: remove password checks from above and let the user session handle failures
 // requires https://github.com/owncloud/core/pull/24616
 $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
- $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
+
+ $tokenType = IToken::REMEMBER;
+ if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) === 0) {
+ $remember_login = false;
+ $tokenType = IToken::DO_NOT_REMEMBER;
+ }
+
+ $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $tokenType);
 // User has successfully logged in, now remove the password reset link, when it is available
 $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index f2e8d112b64..815a73da668 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
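Review bot: The new guard in core/Controller/LoginController.php disables remember-me only when the cast value is exactly zero, so a negative `remember_login_cookie_lifetime` still yields an `IToken::REMEMBER` session token even though a cookie with that lifetime presumably could never be valid. Comparing with `<= 0` would fail closed for that misconfiguration: `if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) <= 0) {`. The `(int)` cast also maps a non-numeric string to 0, which silently disables the feature; that is the safe direction, but the sample-config comment could say so. `$remember_login` is assigned here and read, if at all, outside the hunk, and the enclosing method starts and ends outside it, so its effect on the remember-me cookie is assumed rather than visible.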
@@ -441,6 +441,10 @@ class LoginControllerTest extends TestCase {
 $this->config->expects($this->once())
 ->method('setUserValue')
 ->with('uid', 'core', 'timezone', 'Europe/Berlin');
+ $this->config
+ ->method('getSystemValue')
+ ->with('remember_login_cookie_lifetime')
+ ->willReturn(1234);
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken');
@@ -485,6 +489,10 @@ class LoginControllerTest extends TestCase {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('uid', 'core', 'lostpassword');
+ $this->config
+ ->method('getSystemValue')
+ ->with('remember_login_cookie_lifetime')
+ ->willReturn(1234);
 $this->userSession->expects($this->once())
 ->method('createRememberMeToken')
 ->with($user);
@@ -545,6 +553,10 @@ class LoginControllerTest extends TestCase {
 ->method('deleteUserValue');
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken');
+ $this->config
+ ->method('getSystemValue')
+ ->with('remember_login_cookie_lifetime')
+ ->willReturn(1234);
 $expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
 $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -582,6 +594,10 @@ class LoginControllerTest extends TestCase {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('jane', 'core', 'lostpassword');
+ $this->config
+ ->method('getSystemValue')
+ ->with('remember_login_cookie_lifetime')
+ ->willReturn(1234);
 $expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));
 $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
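Review bot: None of the stubs added to this test file exercises the new zero branch: every `getSystemValue` stub in these hunks, and the two in the later hunks at -634 and -686, returns `1234`, so the path that switches to `IToken::DO_NOT_REMEMBER` and clears `$remember_login` is untested. A case using `->willReturn(0)` that expects `createSessionToken` to receive `IToken::DO_NOT_REMEMBER` and `createRememberMeToken` never to be called would pin the behaviour the commit title promises. The stubs also constrain only the key with `->with('remember_login_cookie_lifetime')`, so the default the controller passes is not checked. The test methods begin and end outside these hunks.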
@@ -634,6 +650,10 @@ class LoginControllerTest extends TestCase {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('john', 'core', 'lostpassword');
+ $this->config
+ ->method('getSystemValue')
+ ->with('remember_login_cookie_lifetime')
+ ->willReturn(1234);
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken');
@@ -686,6 +706,10 @@ class LoginControllerTest extends TestCase {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('john', 'core', 'lostpassword');
+ $this->config
+ ->method('getSystemValue')
+ ->with('remember_login_cookie_lifetime')
+ ->willReturn(1234);
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken'); |