diff options
-rw-r--r-- | core/Controller/LoginController.php | 4 | ||||
-rw-r--r-- | tests/Core/Controller/LoginControllerTest.php | 29 |
2 files changed, 27 insertions, 6 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index db3e8a64d64..fe2a16ec4d3 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -35,6 +35,7 @@ declare(strict_types=1); */ namespace OC\Core\Controller; +use OC\AppFramework\Http\Request; use OC\Authentication\Login\Chain; use OC\Authentication\Login\LoginData; use OC\Authentication\WebAuthn\Manager as WebAuthnManager; @@ -105,8 +106,7 @@ class LoginController extends Controller { $this->session->set('clearingExecutionContexts', '1'); $this->session->close(); - if ($this->request->getServerProtocol() === 'https') { - // This feature is available only in secure contexts + if (!$this->request->isUserAgent([Request::USER_AGENT_CHROME, Request::USER_AGENT_ANDROID_MOBILE_CHROME])) { $response->addHeader('Clear-Site-Data', '"cache", "storage"'); } diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php index 7d82e256c17..b427972e1ad 100644 --- a/tests/Core/Controller/LoginControllerTest.php +++ b/tests/Core/Controller/LoginControllerTest.php @@ -143,8 +143,9 @@ class LoginControllerTest extends TestCase { ->with('nc_token') ->willReturn(null); $this->request - ->method('getServerProtocol') - ->willReturn('https'); + ->expects($this->once()) + ->method('isUserAgent') + ->willReturn(false); $this->config ->expects($this->never()) ->method('deleteUserValue'); @@ -159,6 +160,26 @@ class LoginControllerTest extends TestCase { $this->assertEquals($expected, $this->loginController->logout()); } + public function testLogoutNoClearSiteData() { + $this->request + ->expects($this->once()) + ->method('getCookie') + ->with('nc_token') + ->willReturn(null); + $this->request + ->expects($this->once()) + ->method('isUserAgent') + ->willReturn(true); + $this->urlGenerator + ->expects($this->once()) + ->method('linkToRouteAbsolute') + ->with('core.login.showLoginForm') + ->willReturn('/login'); + + $expected = new RedirectResponse('/login'); + $this->assertEquals($expected, $this->loginController->logout()); + } + public function testLogoutWithToken() { $this->request ->expects($this->once()) @@ -167,8 +188,8 @@ class LoginControllerTest extends TestCase { ->willReturn('MyLoginToken'); $this->request ->expects($this->once()) - ->method('getServerProtocol') - ->willReturn('https'); + ->method('isUserAgent') + ->willReturn(false); $user = $this->createMock(IUser::class); $user ->expects($this->once()) |