Skip to content

Honor remember_login_cookie_lifetime #13747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rullzer merged 1 commit into from
Jan 23, 2019
Merged

Honor remember_login_cookie_lifetime #13747

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Honor remember_login_cookie_lifetime 
If the remember_login_cookie_lifetime is set to 0 this means we do not
want to use remember me at all. In that case we should also not creatae
a remember me cookie and should create a proper temp token.

Further this specifies that is not 0 the remember me time should always
be larger than the session timeout. Because else the behavior is not
really defined.

Signed-off-by: Roeland Jago Douma <[email protected]>
  • Loading branch information
@rullzer
rullzer committed Jan 23, 2019
commit e6333c8fe389aca4e1e8349f276de0058c20c6bb
4 changes: 2 additions & 2 deletions config/config.sample.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,8 +225,8 @@
'allow_user_to_change_display_name' => true,

/**
* Lifetime of the remember login cookie, which is set when the user clicks
* the ``remember`` checkbox on the login screen.
* Lifetime of the remember login cookie. This should be larger than the
* session_lifetime. If it is set to 0 remember me is disabled.
*
* Defaults to ``60*60*24*15`` seconds (15 days)
*/
Expand Down
9 changes: 8 additions & 1 deletion core/Controller/LoginController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,14 @@ public function tryLogin($user, $password, $redirect_url, $remember_login = true
// TODO: remove password checks from above and let the user session handle failures
// requires https://github.com/owncloud/core/pull/24616
$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);

$tokenType = IToken::REMEMBER;
if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) === 0) {
$remember_login = false;
$tokenType = IToken::DO_NOT_REMEMBER;
}

$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $tokenType);
$this->userSession->updateTokens($loginResult->getUID(), $password);

// User has successfully logged in, now remove the password reset link, when it is available
Expand Down
24 changes: 24 additions & 0 deletions tests/Core/Controller/LoginControllerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -449,6 +449,10 @@ public function testLoginWithValidCredentials() {
$this->config->expects($this->once())
->method('setUserValue')
->with('uid', 'core', 'timezone', 'Europe/Berlin');
$this->config
->method('getSystemValue')
->with('remember_login_cookie_lifetime')
->willReturn(1234);
$this->userSession->expects($this->never())
->method('createRememberMeToken');

Expand Down Expand Up @@ -493,6 +497,10 @@ public function testLoginWithValidCredentialsAndRememberMe() {
$this->config->expects($this->once())
->method('deleteUserValue')
->with('uid', 'core', 'lostpassword');
$this->config
->method('getSystemValue')
->with('remember_login_cookie_lifetime')
->willReturn(1234);
$this->userSession->expects($this->once())
->method('createRememberMeToken')
->with($user);
Expand Down Expand Up @@ -553,6 +561,10 @@ public function testLoginWithoutPassedCsrfCheckAndLoggedIn() {
->method('deleteUserValue');
$this->userSession->expects($this->never())
->method('createRememberMeToken');
$this->config
->method('getSystemValue')
->with('remember_login_cookie_lifetime')
->willReturn(1234);

$expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
Expand Down Expand Up @@ -590,6 +602,10 @@ public function testLoginWithValidCredentialsAndRedirectUrl() {
$this->config->expects($this->once())
->method('deleteUserValue')
->with('jane', 'core', 'lostpassword');
$this->config
->method('getSystemValue')
->with('remember_login_cookie_lifetime')
->willReturn(1234);

$expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));
$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
Expand Down Expand Up @@ -642,6 +658,10 @@ public function testLoginWithOneTwoFactorProvider() {
$this->config->expects($this->once())
->method('deleteUserValue')
->with('john', 'core', 'lostpassword');
$this->config
->method('getSystemValue')
->with('remember_login_cookie_lifetime')
->willReturn(1234);
$this->userSession->expects($this->never())
->method('createRememberMeToken');

Expand Down Expand Up @@ -694,6 +714,10 @@ public function testLoginWithMultipleTwoFactorProviders() {
$this->config->expects($this->once())
->method('deleteUserValue')
->with('john', 'core', 'lostpassword');
$this->config
->method('getSystemValue')
->with('remember_login_cookie_lifetime')
->willReturn(1234);
$this->userSession->expects($this->never())
->method('createRememberMeToken');

Expand Down