mirror of
https://github.com/nextcloud/server.git
synced 2026-05-25 18:52:53 -04:00
Merge pull request #52058 from nextcloud/backport/51905/stable26
[stable26] fix(session): Only mark sessions of permanent tokens as app passwords
commit
0249cf7c68
2 changed files with 42 additions and 3 deletions
|
|
@ -883,9 +883,8 @@ class Session implements IUserSession, Emitter {
|
|||
return true;
|
||||
}
|
||||
|
||||
// Remember me tokens are not app_passwords
|
||||
if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
|
||||
// Set the session variable so we know this is an app password
|
||||
// Set the session variable so we know this is an app password
|
||||
if ($dbToken instanceof \OC\Authentication\Token\PublicKeyToken && $dbToken->getType() === IToken::PERMANENT_TOKEN) {
|
||||
$this->session->set('app_password', $token);
|
||||
}
|
||||
|
||||
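Review bot: The new `if` only decides whether `app_password` is written; nothing visible in this hunk clears the key when the token is not a permanent one. A session that was marked under the old `getRemember() === IToken::DO_NOT_REMEMBER` rule before this fix was deployed would presumably keep the stale flag in its session data, so the misclassification this commit targets could persist for already-open sessions. Consider an explicit `else { $this->session->remove('app_password'); }` so the flag always reflects the current token type. The comment above the condition could also say why the check is on the token type and that tokens which are not a `PublicKeyToken` are deliberately left unmarked. The enclosing method starts and ends outside the hunk, so confirm that no later code already resets the key.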
|
|
|
|||
|
|
@ -32,6 +32,7 @@ use OCP\IUser;
|
|||
use OCP\Lockdown\ILockdownManager;
|
||||
use OCP\Security\ISecureRandom;
|
||||
use OCP\User\Events\PostLoginEvent;
|
||||
use PHPUnit\Framework\ExpectationFailedException;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||
|
|
@ -533,6 +534,45 @@ class SessionTest extends \Test\TestCase {
|
|||
self::assertFalse($loginResult);
|
||||
}
|
||||
|
||||
public function testTryTokenLoginNotAnAppPassword(): void {
|
||||
$request = $this->createMock(IRequest::class);
|
||||
$this->config->expects(self::once())
|
||||
->method('getSystemValueString')
|
||||
->with('instanceid')
|
||||
->willReturn('abc123');
|
||||
$request->method('getHeader')->with('Authorization')->willReturn('');
|
||||
$request->method('getCookie')->with('abc123')->willReturn('abcde12345');
|
||||
$this->session->expects(self::once())
|
||||
->method('getId')
|
||||
->willReturn('abcde12345');
|
||||
$dbToken = new PublicKeyToken();
|
||||
$dbToken->setId(42);
|
||||
$dbToken->setUid('johnny');
|
||||
$dbToken->setLoginName('johnny');
|
||||
$dbToken->setLastCheck(0);
|
||||
$dbToken->setType(IToken::TEMPORARY_TOKEN);
|
||||
$dbToken->setRemember(IToken::REMEMBER);
|
||||
$this->tokenProvider->expects(self::any())
|
||||
->method('getToken')
|
||||
->with('abcde12345')
|
||||
->willReturn($dbToken);
|
||||
$this->session->method('set')
|
||||
->willReturnCallback(function ($key, $value) {
|
||||
if ($key === 'app_password') {
|
||||
throw new ExpectationFailedException('app_password should not be set in session');
|
||||
}
|
||||
});
|
||||
$user = $this->createMock(IUser::class);
|
||||
$user->method('isEnabled')->willReturn(true);
|
||||
$this->manager->method('get')
|
||||
->with('johnny')
|
||||
->willReturn($user);
|
||||
|
||||
$loginResult = $this->userSession->tryTokenLogin($request);
|
||||
|
||||
self::assertTrue($loginResult);
|
||||
}
|
||||
|
||||
public function testRememberLoginValidToken() {
|
||||
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
|
||||
$managerMethods = get_class_methods(Manager::class);
|
||||
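Review bot: `testTryTokenLoginNotAnAppPassword` sets `$dbToken->setRemember(IToken::REMEMBER)`, so it would most likely have passed against the previous `getRemember() === IToken::DO_NOT_REMEMBER` check as well and does not pin the behaviour this commit changes. The case whose outcome changes is a temporary token that is not remembered; use `$dbToken->setRemember(IToken::DO_NOT_REMEMBER);` here, or add it as a second case, so the test fails on the old condition. A matching positive test, asserting that an `IToken::PERMANENT_TOKEN` does lead to `set('app_password', ...)`, is not visible in this section and would guard the other half of the condition.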
|
|
|
|||