feat(login): Add rememberme checkbox

Only present if allowed by configuration.

Signed-off-by: Côme Chilliet <[email protected]>

core/Controller/LoginController.php

@@ -143,6 +143,11 @@ public function showLoginForm(?string $user = null, ?string $redirect_url = null
 			$this->config->getSystemValue('login_form_autocomplete', true) === true
 		);
 
+		$this->initialState->provideInitialState(
+			'loginCanRememberme',
+			$this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15) > 0
+		);
+
 		if (!empty($redirect_url)) {
 			[$url, ] = explode('?', $redirect_url);
 			if ($url !== $this->urlGenerator->linkToRoute('core.login.logout')) {
@@ -287,6 +292,7 @@ public function tryLogin(
 		ITrustedDomainHelper $trustedDomainHelper,
 		string $user = '',
 		string $password = '',
+		bool $rememberme = false,
 		?string $redirect_url = null,
 		string $timezone = '',
 		string $timezone_offset = '',
@@ -339,9 +345,10 @@ public function tryLogin(
 			$this->request,
 			$user,
 			$password,
+			$rememberme,
 			$redirect_url,
 			$timezone,
-			$timezone_offset
+			$timezone_offset,
 		);
 		$result = $loginChain->process($data);
 		if (!$result->isSuccess()) {

core/src/components/login/LoginForm.vue

@@ -74,6 +74,16 @@
 				data-login-form-input-password
 				required />
 
+			<NcCheckboxRadioSwitch v-if="remembermeAllowed"
+				id="rememberme"
+				ref="rememberme"
+				name="rememberme"
+				value="1"
+				:checked.sync="rememberme"
+				data-login-form-input-rememberme>
+				{{ t('core', 'Remember me') }}
+			</NcCheckboxRadioSwitch>
+
 			<LoginButton data-login-form-submit :loading="loading" />
 
 			<input v-if="redirectUrl"
@@ -102,7 +112,7 @@ import { loadState } from '@nextcloud/initial-state'
 import { translate as t } from '@nextcloud/l10n'
 import { generateUrl, imagePath } from '@nextcloud/router'
 import debounce from 'debounce'
-
+import NcCheckboxRadioSwitch from '@nextcloud/vue/components/NcCheckboxRadioSwitch'
 import NcPasswordField from '@nextcloud/vue/components/NcPasswordField'
 import NcTextField from '@nextcloud/vue/components/NcTextField'
 import NcNoteCard from '@nextcloud/vue/components/NcNoteCard'
@@ -115,6 +125,7 @@ export default {
 
 	components: {
 		LoginButton,
+		NcCheckboxRadioSwitch,
 		NcPasswordField,
 		NcTextField,
 		NcNoteCard,
@@ -147,6 +158,10 @@ export default {
 			type: Boolean,
 			default: true,
 		},
+		remembermeAllowed: {
+			type: Boolean,
+			default: true,
+		},
 		directLogin: {
 			type: Boolean,
 			default: false,
@@ -180,6 +195,7 @@ export default {
 			loading: false,
 			user: '',
 			password: '',
+			rememberme: [],
 		}
 	},
 

core/src/views/Login.vue

@@ -15,6 +15,7 @@
 						:errors="errors"
 						:throttle-delay="throttleDelay"
 						:auto-complete-allowed="autoCompleteAllowed"
+						:rememberme-allowed="remembermeAllowed"
 						:email-states="emailStates"
 						@submit="loading = true" />
 					<NcButton v-if="hasPasswordless"
@@ -139,6 +140,7 @@ export default {
 			canResetPassword: loadState('core', 'loginCanResetPassword', false),
 			resetPasswordLink: loadState('core', 'loginResetPasswordLink', ''),
 			autoCompleteAllowed: loadState('core', 'loginAutocomplete', true),
+			remembermeAllowed: loadState('core', 'loginCanRememberme', true),
 			resetPasswordTarget: loadState('core', 'resetPasswordTarget', ''),
 			resetPasswordUser: loadState('core', 'resetPasswordUser', ''),
 			directLogin: query.direct === '1',

lib/private/Authentication/Login/CreateSessionTokenCommand.php

@@ -26,9 +26,12 @@ public function __construct(IConfig $config,
 	}
 
 	public function process(LoginData $loginData): LoginResult {
-		$tokenType = IToken::REMEMBER;
 		if ($this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15) === 0) {
 			$loginData->setRememberLogin(false);
+		}
+		if ($loginData->isRememberLogin()) {
+			$tokenType = IToken::REMEMBER;
+		} else {
 			$tokenType = IToken::DO_NOT_REMEMBER;
 		}
 

lib/private/Authentication/Login/LoginData.php

@@ -16,12 +16,11 @@ class LoginData {
 	/** @var IUser|false|null */
 	private $user = null;
 
-	private bool $rememberLogin = true;
-
 	public function __construct(
 		private IRequest $request,
 		private string $username,
 		private ?string $password,
+		private bool $rememberLogin = true,
 		private ?string $redirectUrl = null,
 		private string $timeZone = '',
 		private string $timeZoneOffset = '',

tests/Core/Controller/LoginControllerTest.php

@@ -31,6 +31,7 @@
 use OCP\Notification\IManager;
 use OCP\Security\Bruteforce\IThrottler;
 use OCP\Security\ITrustedDomainHelper;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
 
@@ -277,7 +278,7 @@ public function testShowLoginFormWithErrorsInSession(): void {
 				'',
 			]
 		];
-		$this->initialState->expects($this->exactly(13))
+		$this->initialState->expects($this->exactly(14))
 			->method('provideInitialState')
 			->willReturnCallback(function () use (&$calls): void {
 				$expected = array_shift($calls);
@@ -309,12 +310,16 @@ public function testShowLoginFormForFlowAuth(): void {
 				'loginAutocomplete',
 				false
 			],
+			[
+				'loginCanRememberme',
+				false
+			],
 			[
 				'loginRedirectUrl',
 				'login/flow'
 			],
 		];
-		$this->initialState->expects($this->exactly(14))
+		$this->initialState->expects($this->exactly(15))
 			->method('provideInitialState')
 			->willReturnCallback(function () use (&$calls): void {
 				$expected = array_shift($calls);
@@ -351,7 +356,7 @@ public static function passwordResetDataProvider(): array {
 		];
 	}
 
-	#[\PHPUnit\Framework\Attributes\DataProvider('passwordResetDataProvider')]
+	#[DataProvider('passwordResetDataProvider')]
 	public function testShowLoginFormWithPasswordResetOption($canChangePassword,
 		$expectedResult): void {
 		$this->userSession
@@ -386,13 +391,13 @@ public function testShowLoginFormWithPasswordResetOption($canChangePassword,
 				'loginUsername',
 				'LdapUser'
 			],
-			[], [], [],
+			[], [], [], [],
 			[
 				'loginCanResetPassword',
 				$expectedResult
 			],
 		];
-		$this->initialState->expects($this->exactly(13))
+		$this->initialState->expects($this->exactly(14))
 			->method('provideInitialState')
 			->willReturnCallback(function () use (&$calls): void {
 				$expected = array_shift($calls);
@@ -445,6 +450,10 @@ public function testShowLoginFormForUserNamed0(): void {
 				'loginAutocomplete',
 				true
 			],
+			[
+				'loginCanRememberme',
+				false
+			],
 			[],
 			[
 				'loginResetPasswordLink',
@@ -455,7 +464,7 @@ public function testShowLoginFormForUserNamed0(): void {
 				false
 			],
 		];
-		$this->initialState->expects($this->exactly(13))
+		$this->initialState->expects($this->exactly(14))
 			->method('provideInitialState')
 			->willReturnCallback(function () use (&$calls): void {
 				$expected = array_shift($calls);
@@ -476,7 +485,19 @@ public function testShowLoginFormForUserNamed0(): void {
 		$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('0', ''));
 	}
 
-	public function testLoginWithInvalidCredentials(): void {
+	public static function remembermeProvider(): array {
+		return [
+			[
+				true,
+			],
+			[
+				false,
+			],
+		];
+	}
+
+	#[DataProvider('remembermeProvider')]
+	public function testLoginWithInvalidCredentials(bool $rememberme): void {
 		$user = 'MyUserName';
 		$password = 'secret';
 		$loginPageUrl = '/login?redirect_url=/apps/files';
@@ -491,6 +512,7 @@ public function testLoginWithInvalidCredentials(): void {
 			$this->request,
 			$user,
 			$password,
+			$rememberme,
 			'/apps/files'
 		);
 		$loginResult = LoginResult::failure($loginData, LoginController::LOGIN_MSG_INVALIDPASSWORD);
@@ -509,12 +531,13 @@ public function testLoginWithInvalidCredentials(): void {
 		$expected = new RedirectResponse($loginPageUrl);
 		$expected->throttle(['user' => 'MyUserName']);
 
-		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, $user, $password, '/apps/files');
+		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, $user, $password, $rememberme, '/apps/files');
 
 		$this->assertEquals($expected, $response);
 	}
 
-	public function testLoginWithValidCredentials(): void {
+	#[DataProvider('remembermeProvider')]
+	public function testLoginWithValidCredentials(bool $rememberme): void {
 		$user = 'MyUserName';
 		$password = 'secret';
 		$loginChain = $this->createMock(LoginChain::class);
@@ -527,7 +550,8 @@ public function testLoginWithValidCredentials(): void {
 		$loginData = new LoginData(
 			$this->request,
 			$user,
-			$password
+			$password,
+			$rememberme,
 		);
 		$loginResult = LoginResult::success($loginData);
 		$loginChain->expects($this->once())
@@ -540,10 +564,11 @@ public function testLoginWithValidCredentials(): void {
 			->willReturn('/default/foo');
 
 		$expected = new RedirectResponse('/default/foo');
-		$this->assertEquals($expected, $this->loginController->tryLogin($loginChain, $trustedDomainHelper, $user, $password));
+		$this->assertEquals($expected, $this->loginController->tryLogin($loginChain, $trustedDomainHelper, $user, $password, $rememberme));
 	}
 
-	public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(): void {
+	#[DataProvider('remembermeProvider')]
+	public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(bool $rememberme): void {
 		/** @var IUser|MockObject $user */
 		$user = $this->createMock(IUser::class);
 		$user->expects($this->any())
@@ -567,14 +592,15 @@ public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(): void {
 		$this->userSession->expects($this->never())
 			->method('createRememberMeToken');
 
-		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, 'Jane', $password, $originalUrl);
+		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, 'Jane', $password, $rememberme, $originalUrl);
 
 		$expected = new RedirectResponse('');
 		$expected->throttle(['user' => 'Jane']);
 		$this->assertEquals($expected, $response);
 	}
 
-	public function testLoginWithoutPassedCsrfCheckAndLoggedIn(): void {
+	#[DataProvider('remembermeProvider')]
+	public function testLoginWithoutPassedCsrfCheckAndLoggedIn(bool $rememberme): void {
 		/** @var IUser|MockObject $user */
 		$user = $this->createMock(IUser::class);
 		$user->expects($this->any())
@@ -607,13 +633,14 @@ public function testLoginWithoutPassedCsrfCheckAndLoggedIn(): void {
 			->with('remember_login_cookie_lifetime')
 			->willReturn(1234);
 
-		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, 'Jane', $password, $originalUrl);
+		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, 'Jane', $password, $rememberme, $originalUrl);
 
 		$expected = new RedirectResponse($redirectUrl);
 		$this->assertEquals($expected, $response);
 	}
 
-	public function testLoginWithValidCredentialsAndRedirectUrl(): void {
+	#[DataProvider('remembermeProvider')]
+	public function testLoginWithValidCredentialsAndRedirectUrl(bool $rememberme): void {
 		$user = 'MyUserName';
 		$password = 'secret';
 		$redirectUrl = 'https://next.cloud/apps/mail';
@@ -628,6 +655,7 @@ public function testLoginWithValidCredentialsAndRedirectUrl(): void {
 			$this->request,
 			$user,
 			$password,
+			$rememberme,
 			'/apps/mail'
 		);
 		$loginResult = LoginResult::success($loginData);
@@ -644,12 +672,13 @@ public function testLoginWithValidCredentialsAndRedirectUrl(): void {
 			->willReturn($redirectUrl);
 		$expected = new RedirectResponse($redirectUrl);
 
-		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, $user, $password, '/apps/mail');
+		$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, $user, $password, $rememberme, '/apps/mail');
 
 		$this->assertEquals($expected, $response);
 	}
 
-	public function testToNotLeakLoginName(): void {
+	#[DataProvider('remembermeProvider')]
+	public function testToNotLeakLoginName(bool $rememberme): void {
 		$loginChain = $this->createMock(LoginChain::class);
 		$trustedDomainHelper = $this->createMock(ITrustedDomainHelper::class);
 		$trustedDomainHelper->method('isTrustedUrl')->willReturn(true);
@@ -662,6 +691,7 @@ public function testToNotLeakLoginName(): void {
 			$this->request,
 			'[email protected]',
 			'just wrong',
+			$rememberme,
 			'/apps/files'
 		);
 		$loginResult = LoginResult::failure($loginData, LoginController::LOGIN_MSG_INVALIDPASSWORD);
@@ -688,6 +718,7 @@ public function testToNotLeakLoginName(): void {
 			$trustedDomainHelper,
 			'[email protected]',
 			'just wrong',
+			$rememberme,
 			'/apps/files'
 		);
 

tests/lib/Authentication/Login/ALoginTestCommand.php

@@ -83,6 +83,7 @@ protected function getLoggedInLoginDataWithRedirectUrl(): LoginData {
 			$this->request,
 			$this->username,
 			$this->password,
+			true,
 			$this->redirectUrl
 		);
 		$data->setUser($this->user);
@@ -94,6 +95,7 @@ protected function getLoggedInLoginDataWithTimezone(): LoginData {
 			$this->request,
 			$this->username,
 			$this->password,
+			true,
 			null,
 			$this->timezone,
 			$this->timeZoneOffset