diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2016-11-27 13:59:46 +0100 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2016-11-27 14:03:28 +0100 |
| commit | 9b808c40147ebb2ff58908e17039b6caf076ec7e (patch) | |
| tree | 3c5870d3426ebaddcf3f5b5b3629f7948842f92e /tests | |
| parent | 7e6f829d546a95acc3421c5fd9dd7574fa291994 (diff) | |
| download | nextcloud-server-9b808c40147ebb2ff58908e17039b6caf076ec7e.tar.gz nextcloud-server-9b808c40147ebb2ff58908e17039b6caf076ec7e.zip | |
do not remember session tokens by default
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/lib/User/SessionTest.php | 46 |
1 files changed, 43 insertions, 3 deletions
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index ee9ed737cf5..33e19bef70d 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -767,7 +767,6 @@ class SessionTest extends \Test\TestCase { public function testCreateSessionToken() { $manager = $this->createMock(Manager::class); $session = $this->createMock(ISession::class); - $token = $this->createMock(IToken::class); $user = $this->createMock(IUser::class); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); @@ -801,11 +800,52 @@ class SessionTest extends \Test\TestCase { $this->tokenProvider->expects($this->once()) ->method('generateToken') - ->with($sessionId, $uid, $loginName, $password, 'Firefox'); + ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::DO_NOT_REMEMBER, IToken::TEMPORARY_TOKEN); $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password)); } + public function testCreateRememberedSessionToken() { + $manager = $this->createMock(Manager::class); + $session = $this->createMock(ISession::class); + $user = $this->createMock(IUser::class); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); + + $random = $this->createMock(ISecureRandom::class); + $config = $this->createMock(IConfig::class); + $csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager') + ->disableOriginalConstructor() + ->getMock(); + $request = new \OC\AppFramework\Http\Request([ + 'server' => [ + 'HTTP_USER_AGENT' => 'Firefox', + ] + ], $random, $config, $csrf); + + $uid = 'user123'; + $loginName = 'User123'; + $password = 'passme'; + $sessionId = 'abcxyz'; + + $manager->expects($this->once()) + ->method('get') + ->with($uid) + ->will($this->returnValue($user)); + $session->expects($this->once()) + ->method('getId') + ->will($this->returnValue($sessionId)); + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->with($password) + ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException())); + + $this->tokenProvider->expects($this->once()) + ->method('generateToken') + ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER); + + $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password, true)); + } + public function testCreateSessionTokenWithTokenPassword() { $manager = $this->getMockBuilder('\OC\User\Manager') ->disableOriginalConstructor() @@ -850,7 +890,7 @@ class SessionTest extends \Test\TestCase { $this->tokenProvider->expects($this->once()) ->method('generateToken') - ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox'); + ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER); $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password)); } |