From d907666232468503ab6ed2bdac44b6500be2beb6 Mon Sep 17 00:00:00 2001
From: Christoph Wurst
Date: Tue, 6 Sep 2016 21:41:15 +0200
Subject: bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst
---
 core/Controller/LoginController.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'core')
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 884eea8869e..71478470ffe 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -196,9 +196,10 @@ class LoginController extends Controller {
 * @param string $user
 * @param string $password
 * @param string $redirect_url
+ * @param boolean $remember_login
 * @return RedirectResponse
 */
- public function tryLogin($user, $password, $redirect_url) {
+ public function tryLogin($user, $password, $redirect_url, $remember_login = false) {
 $currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress());
 $this->throttler->sleepDelay($this->request->getRemoteAddress());
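Review bot: `$remember_login` arrives from the login request, and in the new signature `tryLogin($user, $password, $redirect_url, $remember_login = false)` nothing enforces the `boolean` named in the added docblock line. If the framework does not cast by docblock type (not visible here), a submitted string such as `"false"` is truthy and would switch remember-me on; normalising at the top of the method, e.g. `$remember_login = filter_var($remember_login, FILTER_VALIDATE_BOOLEAN);`, removes that dependency. The docblock line could also say what the flag does, e.g. `@param boolean $remember_login issue a long-lived remember-me token after a successful login`. tryLogin's body continues outside the hunk.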
@@ -236,13 +237,13 @@ class LoginController extends Controller {
 // TODO: remove password checks from above and let the user session handle failures
 // requires https://github.com/owncloud/core/pull/24616
 $this->userSession->login($user, $password);
- $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
+ $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $remember_login);
 // User has successfully logged in, now remove the password reset link, when it is available
 $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
 if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
- $this->twoFactorManager->prepareTwoFactorLogin($loginResult);
+ $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
 $providers = $this->twoFactorManager->getProviders($loginResult);
 if (count($providers) === 1) {
@@ -265,6 +266,10 @@ class LoginController extends Controller {
 return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
 }
+ if ($remember_login) {
+ $this->userSession->createRememberMeToken($loginResult);
+ }
+
 return $this->generateRedirect($redirect_url);
 }
-- 
cgit v1.2.3
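Review bot: `createSessionToken(..., $remember_login)` runs before the `isTwoFactorAuthenticated` branch, so the session token is flagged as remembered while the second factor is still outstanding. The commit message says remembered tokens are kept longer by the cleanup and that the cookie is issued only once 2FA is solved. Both implementations are outside this file section, so it is worth confirming that a token flagged here whose 2FA challenge is never completed is neither retained for the longer period nor accepted for a remember-me login. A comment above the call, e.g. `// remember flag only marks the token; the remember-me cookie is issued after 2FA`, would record the intended ordering. The enclosing method starts and ends outside the hunk.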
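Review bot: The added `if ($remember_login)` block appears to rely on the `return new RedirectResponse(...)` just above it, presumably the end of the two-factor branch, to keep `createRememberMeToken($loginResult)` from running while a challenge is pending. The lines between the two hunks are not shown, so that ordering guarantee is implicit. A comment such as `// only reached when no second factor is pending; 2FA logins get their token after the challenge` would protect it against a later refactor of that branch. The commit mentions adjusted unit tests outside this section; one should assert that `createRememberMeToken` is never called when `isTwoFactorAuthenticated` returns true.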