wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

do not remember session tokens by default

Browse source 
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2016-11-27 13:59:46 +01:00
parent 7e6f829d54
commit 9b808c4014
2 changed files with 44 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/private/User/Session.php
View file

@ -558,7 +558,7 @@ class Session implements IUserSession, Emitter {
try {
$sessionId = $this->session->getId();
$pwd = $this->getPassword($password);
$this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
$this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember);
return true;
} catch (SessionNotAvailableException $ex) {
// This can happen with OCC, where a memory session is used

46
tests/lib/User/SessionTest.php
View file

@ -767,7 +767,6 @@ class SessionTest extends \Test\TestCase {
public function testCreateSessionToken() {
$manager = $this->createMock(Manager::class);
$session = $this->createMock(ISession::class);
$token = $this->createMock(IToken::class);
$user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
@ -801,11 +800,52 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('generateToken')
->with($sessionId, $uid, $loginName, $password, 'Firefox');
->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::DO_NOT_REMEMBER, IToken::TEMPORARY_TOKEN);
$this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
}
public function testCreateRememberedSessionToken() {
$manager = $this->createMock(Manager::class);
$session = $this->createMock(ISession::class);
$user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);
$random = $this->createMock(ISecureRandom::class);
$config = $this->createMock(IConfig::class);
$csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
->disableOriginalConstructor()
->getMock();
$request = new \OC\AppFramework\Http\Request([
'server' => [
'HTTP_USER_AGENT' => 'Firefox',
]
], $random, $config, $csrf);
$uid = 'user123';
$loginName = 'User123';
$password = 'passme';
$sessionId = 'abcxyz';
$manager->expects($this->once())
->method('get')
->with($uid)
->will($this->returnValue($user));
$session->expects($this->once())
->method('getId')
->will($this->returnValue($sessionId));
$this->tokenProvider->expects($this->once())
->method('getToken')
->with($password)
->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
$this->tokenProvider->expects($this->once())
->method('generateToken')
->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
$this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password, true));
}
public function testCreateSessionTokenWithTokenPassword() {
$manager = $this->getMockBuilder('\OC\User\Manager')
->disableOriginalConstructor()
@ -850,7 +890,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('generateToken')
->with($sessionId, $uid, $loginName, $realPassword, 'Firefox');
->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
$this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
}