bring back old remember-me code

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
nextcloud · Oct 11, 2016 · 3006121 · 3006121
1 parent cc4b514
commit 3006121
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 16 deletions.
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
@@ -238,6 +238,12 @@ public function tryLogin($user, $password, $redirect_url) {
 		$this->userSession->login($user, $password);
 		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
 
+		if (true) {
+			$token = \OC::$server->getSecureRandom()->generate(32);
+			$this->config->setUserValue($originalUser, 'login_token', $token, time());
+			$this->userSession->setMagicInCookie($originalUser, $token);
+		}
+
 		// User has successfully logged in, now remove the password reset link, when it is available
 		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
 

diff --git a/lib/base.php b/lib/base.php
@@ -1039,6 +1039,9 @@ static function handleLogin(OCP\IRequest $request) {
 		if ($userSession->tryTokenLogin($request)) {
 			return true;
 		}
+		if ($userSession->loginWithCookie($_COOKIE['nc_username'], $_COOKIE['nc_token'])) {
+			return true;
+		}
 		if ($userSession->tryBasicAuthLogin($request, \OC::$server->getBruteForceThrottler())) {
 			return true;
 		}

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
@@ -691,15 +691,15 @@ public function loginWithCookie($uid, $currentToken) {
 		}
 
 		// get stored tokens
-		$tokens = OC::$server->getConfig()->getUserKeys($uid, 'login_token');
+		$tokens = $this->config->getUserKeys($uid, 'login_token');
 		// test cookies token against stored tokens
 		if (!in_array($currentToken, $tokens, true)) {
 			return false;
 		}
 		// replace successfully used token with a new one
-		OC::$server->getConfig()->deleteUserValue($uid, 'login_token', $currentToken);
+		$this->config->deleteUserValue($uid, 'login_token', $currentToken);
 		$newToken = OC::$server->getSecureRandom()->generate(32);
-		OC::$server->getConfig()->setUserValue($uid, 'login_token', $newToken, time());
+		$this->config->setUserValue($uid, 'login_token', $newToken, time());
 		$this->setMagicInCookie($user->getUID(), $newToken);
 
 		//login
@@ -736,9 +736,9 @@ public function logout() {
 	public function setMagicInCookie($username, $token) {
 		$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
 		$expires = time() + OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
-		setcookie('oc_username', $username, $expires, OC::$WEBROOT, '', $secureCookie, true);
-		setcookie('oc_token', $token, $expires, OC::$WEBROOT, '', $secureCookie, true);
-		setcookie('oc_remember_login', '1', $expires, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_username', $username, $expires, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_token', $token, $expires, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_remember_login', '1', $expires, OC::$WEBROOT, '', $secureCookie, true);
 	}
 
 	/**
@@ -748,17 +748,17 @@ public function unsetMagicInCookie() {
 		//TODO: DI for cookies and IRequest
 		$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
 
-		unset($_COOKIE['oc_username']); //TODO: DI
-		unset($_COOKIE['oc_token']);
-		unset($_COOKIE['oc_remember_login']);
-		setcookie('oc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
-		setcookie('oc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
-		setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+		unset($_COOKIE['nc_username']); //TODO: DI
+		unset($_COOKIE['nc_token']);
+		unset($_COOKIE['nc_remember_login']);
+		setcookie('nc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_remember_login', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
 		// old cookies might be stored under /webroot/ instead of /webroot
 		// and Firefox doesn't like it!
-		setcookie('oc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
-		setcookie('oc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
-		setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+		setcookie('nc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+		setcookie('nc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+		setcookie('nc_remember_login', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
 	}
 
 	/**
@@ -778,4 +778,5 @@ public function updateSessionTokenPassword($password) {
 		}
 	}
 
+
 }
diff --git a/lib/public/IRequest.php b/lib/public/IRequest.php
@@ -145,7 +145,7 @@ public function getEnv($key);
 	 * Shortcut for getting cookie variables
 	 *
 	 * @param string $key the key that will be taken from the $_COOKIE array
-	 * @return string the value in the $_COOKIE element
+	 * @return string|null the value in the $_COOKIE element
 	 * @since 6.0.0
 	 */
 	public function getCookie($key);