From e6333c8fe389aca4e1e8349f276de0058c20c6bb Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Tue, 22 Jan 2019 16:16:55 +0100
Subject: Honor remember_login_cookie_lifetime

If the remember_login_cookie_lifetime is set to 0 this means we do not want to use remember me at all. In that case we should also not creatae a remember me cookie and should create a proper temp token. Further this specifies that is not 0 the remember me time should always be larger than the session timeout. Because else the behavior is not really defined.

Signed-off-by: Roeland Jago Douma
---
 core/Controller/LoginController.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'core')
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 40e13b43c80..64899304d78 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -329,7 +329,14 @@ class LoginController extends Controller {
 // TODO: remove password checks from above and let the user session handle failures
 // requires https://github.com/owncloud/core/pull/24616
 $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
- $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
+
+ $tokenType = IToken::REMEMBER;
+ if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) === 0) {
+ $remember_login = false;
+ $tokenType = IToken::DO_NOT_REMEMBER;
+ }
+
+ $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $tokenType);
 $this->userSession->updateTokens($loginResult->getUID(), $password);
 // User has successfully logged in, now remove the password reset link, when it is available
-- cgit v1.2.3
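Review bot: The new guard on `remember_login_cookie_lifetime` treats only an exact `0` as "remember-me disabled", so a negative configured lifetime still yields an `IToken::REMEMBER` token; unless negative values have a defined meaning elsewhere, comparing with `<= 0` would fail closed: `if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) <= 0) {`. The commit message also says a non-zero lifetime should always be larger than the session timeout, but nothing in this hunk enforces that; the view is limited to `core`, so the check may live in another file and is worth confirming. `$remember_login = false;` is only assigned here and is presumably read further down in the enclosing method, which starts and ends outside the hunk. A short comment above the `if`, such as `// remember-me disabled by config: issue a non-persistent session token and skip the remember-me cookie`, would make that coupling explicit.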