authorChristoph Wurst <christoph@winzerhof-wurst.at>2016-09-06 21:41:15 +0200
committerLukas Reschke <lukas@statuscode.ch>2016-11-02 13:39:16 +0100
commitd907666232468503ab6ed2bdac44b6500be2beb6 (patch)
tree945f83d4ddeda3df811042b138e84a2cdf06d120 /core
parentdada3ffb51ce9d941b15f1e3fdc1ce292acebb69 (diff)
bring back remember-me
* try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'core')
-rw-r--r--core/Controller/LoginController.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 884eea8869e..71478470ffe 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -196,9 +196,10 @@ class LoginController extends Controller {
* @param string $user
* @param string $password
* @param string $redirect_url
+ * @param boolean $remember_login
* @return RedirectResponse
*/
- public function tryLogin($user, $password, $redirect_url) {
+ public function tryLogin($user, $password, $redirect_url, $remember_login = false) {
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress());
$this->throttler->sleepDelay($this->request->getRemoteAddress());
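Review bot: The added `@param boolean $remember_login` line carries no description, and the value is presumably bound from the login form, which would make it client-controlled. Extend it to something like `@param boolean $remember_login client-supplied; requests a persistent login, honoured only after full authentication`. If the framework casts request parameters according to the docblock type, note that as well, because the body later uses the value in a plain truthiness test at `if ($remember_login)`. tryLogin's body continues past the end of this hunk.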
@@ -236,13 +237,13 @@ class LoginController extends Controller {
// TODO: remove password checks from above and let the user session handle failures
// requires https://github.com/owncloud/core/pull/24616
$this->userSession->login($user, $password);
- $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
+ $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $remember_login);
// User has successfully logged in, now remove the password reset link, when it is available
$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
- $this->twoFactorManager->prepareTwoFactorLogin($loginResult);
+ $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
$providers = $this->twoFactorManager->getProviders($loginResult);
if (count($providers) === 1) {
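Review bot: `createSessionToken(..., $remember_login)` runs before the two-factor branch below it, so a token flagged as remembered already exists for a login whose second factor may never be completed. The commit message says remembered tokens are kept longer by the database cleanup and that remember-me should apply only once 2FA is solved. Whether `createSessionToken` or the token validation defers the flag until then is not visible in this hunk. Add a comment on that call, for example `// remember flag only takes effect once any pending 2FA challenge is solved`, and a test asserting that a token still pending 2FA is not accepted for a remember-me re-login. tryLogin's body starts and ends outside this hunk.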
@@ -265,6 +266,10 @@ class LoginController extends Controller {
return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
}
+ if ($remember_login) {
+ $this->userSession->createRememberMeToken($loginResult);
+ }
+
return $this->generateRedirect($redirect_url);
}
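Review bot: The new `if ($remember_login)` block is reached only by accounts without a second factor, because the 2FA branch returns its redirect just above, and nothing in the code says so. Add a comment such as `// 2FA logins returned above; their remember-me token is issued after the challenge is solved` so a later refactor does not move this call ahead of the 2FA check. That the post-challenge path issues the token is inferred from the commit message and the flag passed to `prepareTwoFactorLogin`; it is not visible in this hunk.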