Merge pull request #17784 from nextcloud/enh/disable-clear-site-data-via-config

Disable Clear-Site-Data for Chrom* (and Opera, Brave, etc)
This commit is contained in:
Roeland Jago Douma 2019-12-12 21:59:42 +01:00 committed by GitHub
commit 87104ce510
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 2 deletions

View file

@ -31,9 +31,9 @@
namespace OC\Core\Controller;
use OC\AppFramework\Http\Request;
use OC\Authentication\Login\Chain;
use OC\Authentication\Login\LoginData;
use OC\Authentication\TwoFactorAuth\Manager;
use OC\Security\Bruteforce\Throttler;
use OC\User\Session;
use OC_App;
@ -126,7 +126,11 @@ class LoginController extends Controller {
$this->session->set('clearingExecutionContexts', '1');
$this->session->close();
$response->addHeader('Clear-Site-Data', '"cache", "storage"');
if (!$this->request->isUserAgent([Request::USER_AGENT_CHROME, Request::USER_AGENT_ANDROID_MOBILE_CHROME])) {
$response->addHeader('Clear-Site-Data', '"cache", "storage"');
}
return $response;
}

View file

@ -128,6 +128,10 @@ class LoginControllerTest extends TestCase {
->method('getCookie')
->with('nc_token')
->willReturn(null);
$this->request
->expects($this->once())
->method('isUserAgent')
->willReturn(false);
$this->config
->expects($this->never())
->method('deleteUserValue');
@ -142,12 +146,36 @@ class LoginControllerTest extends TestCase {
$this->assertEquals($expected, $this->loginController->logout());
}
public function testLogoutNoClearSiteData() {
$this->request
->expects($this->once())
->method('getCookie')
->with('nc_token')
->willReturn(null);
$this->request
->expects($this->once())
->method('isUserAgent')
->willReturn(true);
$this->urlGenerator
->expects($this->once())
->method('linkToRouteAbsolute')
->with('core.login.showLoginForm')
->willReturn('/login');
$expected = new RedirectResponse('/login');
$this->assertEquals($expected, $this->loginController->logout());
}
public function testLogoutWithToken() {
$this->request
->expects($this->once())
->method('getCookie')
->with('nc_token')
->willReturn('MyLoginToken');
$this->request
->expects($this->once())
->method('isUserAgent')
->willReturn(false);
$user = $this->createMock(IUser::class);
$user
->expects($this->once())