Merge pull request #13747 from nextcloud/fix/honor_session_lifetime_i…
…f_remember_cookie_is_disabled

Honor remember_login_cookie_lifetime
rullzer committed Jan 23, 2019
2 parents 308d5d5 + e6333c8 commit f2b118a
Showing 3 changed files with 34 additions and 3 deletions.
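--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -225,8 +225,8 @@
 'allow_user_to_change_display_name' => true,
 
 /**
-* Lifetime of the remember login cookie, which is set when the user clicks
-* the ``remember`` checkbox on the login screen.
+* Lifetime of the remember login cookie. This should be larger than the
+* session_lifetime. If it is set to 0 remember me is disabled.
 *
 * Defaults to ``60*60*24*15`` seconds (15 days)
 */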
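--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -329,7 +329,14 @@ public function tryLogin($user, $password, $redirect_url, $remember_login = true
 // TODO: remove password checks from above and let the user session handle failures
 // requires https://github.com/owncloud/core/pull/24616
 $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
-$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
+
+$tokenType = IToken::REMEMBER;
+if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) === 0) {
+$remember_login = false;
+$tokenType = IToken::DO_NOT_REMEMBER;
+}
+
+$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $tokenType);
 $this->userSession->updateTokens($loginResult->getUID(), $password);
 
 // User has successfully logged in, now remove the password reset link, when it is available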
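Review bot: The new guard in tryLogin disables remember-me only when the cast value is exactly 0, so a negative `remember_login_cookie_lifetime` still creates the session token as `IToken::REMEMBER`; comparing with `<= 0` would treat every non-positive lifetime as disabled: `if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) <= 0) {`. The default `60*60*24*15` is repeated inline here; if the same default is also defined where the cookie is set (not visible in this hunk), a shared constant would keep the two from drifting apart. Tokens already stored as `IToken::REMEMBER` before an administrator sets the value to 0 are not touched by this hunk, so whether they expire with the session depends on code outside it. tryLogin starts and ends outside the hunk, including the later use of `$remember_login`.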
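--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -449,6 +449,10 @@ public function testLoginWithValidCredentials() {
 $this->config->expects($this->once())
 ->method('setUserValue')
 ->with('uid', 'core', 'timezone', 'Europe/Berlin');
+$this->config
+->method('getSystemValue')
+->with('remember_login_cookie_lifetime')
+->willReturn(1234);
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken');
 
@@ -493,6 +497,10 @@ public function testLoginWithValidCredentialsAndRememberMe() {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('uid', 'core', 'lostpassword');
+$this->config
+->method('getSystemValue')
+->with('remember_login_cookie_lifetime')
+->willReturn(1234);
 $this->userSession->expects($this->once())
 ->method('createRememberMeToken')
 ->with($user);
@@ -553,6 +561,10 @@ public function testLoginWithoutPassedCsrfCheckAndLoggedIn() {
 ->method('deleteUserValue');
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken');
+$this->config
+->method('getSystemValue')
+->with('remember_login_cookie_lifetime')
+->willReturn(1234);
 
 $expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
 $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -590,6 +602,10 @@ public function testLoginWithValidCredentialsAndRedirectUrl() {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('jane', 'core', 'lostpassword');
+$this->config
+->method('getSystemValue')
+->with('remember_login_cookie_lifetime')
+->willReturn(1234);
 
 $expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));
 $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -642,6 +658,10 @@ public function testLoginWithOneTwoFactorProvider() {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('john', 'core', 'lostpassword');
+$this->config
+->method('getSystemValue')
+->with('remember_login_cookie_lifetime')
+->willReturn(1234);
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken');
 
@@ -694,6 +714,10 @@ public function testLoginWithMultipleTwoFactorProviders() {
 $this->config->expects($this->once())
 ->method('deleteUserValue')
 ->with('john', 'core', 'lostpassword');
+$this->config
+->method('getSystemValue')
+->with('remember_login_cookie_lifetime')
+->willReturn(1234);
 $this->userSession->expects($this->never())
 ->method('createRememberMeToken');
 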
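Review bot: None of the six stubs added in this file returns 0, so the new branch in LoginController::tryLogin (token type `IToken::DO_NOT_REMEMBER`, `$remember_login` forced to false) is never exercised; every test pins `willReturn(1234)`. A dedicated case should stub the lifetime as 0, call tryLogin with remember-me requested, and assert that `createSessionToken` receives `IToken::DO_NOT_REMEMBER` and that `createRememberMeToken` is never called. The sketch below shows only the new expectations; the fixture setup would mirror testLoginWithValidCredentialsAndRememberMe, whose body lies mostly outside the visible hunks.

```php
public function testLoginWithValidCredentialsAndRememberMeDisabled() {
	// … unchanged: user, request and CSRF fixture setup as in testLoginWithValidCredentialsAndRememberMe …
	$this->config
		->method('getSystemValue')
		->with('remember_login_cookie_lifetime')
		->willReturn(0);
	$this->userSession->expects($this->once())
		->method('createSessionToken')
		->with($this->anything(), $this->anything(), $this->anything(), $this->anything(), IToken::DO_NOT_REMEMBER);
	$this->userSession->expects($this->never())
		->method('createRememberMeToken');
	// … unchanged: tryLogin call with $remember_login = true and the response assertion …
}
```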
