Unverified Commit 46580749 authored by Christoph Wurst's avatar Christoph Wurst
Browse files

create session token only for clients that support cookies

parent 331d88bc
......@@ -159,7 +159,7 @@ class AuthTest extends TestCase {
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->exactly(4))
$user->expects($this->exactly(3))
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
......@@ -167,7 +167,7 @@ class AuthTest extends TestCase {
->method('isLoggedIn')
->will($this->returnValue(true));
$this->userSession
->expects($this->exactly(4))
->expects($this->exactly(3))
->method('getUser')
->will($this->returnValue($user));
$this->session
......@@ -178,12 +178,8 @@ class AuthTest extends TestCase {
$this->userSession
->expects($this->once())
->method('logClientIn')
->with('MyTestUser', 'MyTestPassword')
->with('MyTestUser', 'MyTestPassword', $this->request)
->will($this->returnValue(true));
$this->userSession
->expects($this->once())
->method('createSessionToken')
->with($this->request, 'MyTestUser', 'MyTestUser', 'MyTestPassword');
$this->session
->expects($this->once())
->method('set')
......@@ -626,17 +622,14 @@ class AuthTest extends TestCase {
->method('logClientIn')
->with('username', 'password')
->will($this->returnValue(true));
$this->userSession
->expects($this->once())
->method('createSessionToken');
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->exactly(4))
$user->expects($this->exactly(3))
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
->expects($this->exactly(4))
->expects($this->exactly(3))
->method('getUser')
->will($this->returnValue($user));
$response = $this->auth->check($server->httpRequest, $server->httpResponse);
......
......@@ -370,11 +370,21 @@ class Session implements IUserSession, Emitter {
return false;
}
$this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
if ($this->supportsCookies($request)) {
$this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
}
return true;
}
protected function supportsCookies(IRequest $request) {
if (!is_null($request->getCookie('cookie_test'))) {
return true;
}
setcookie('cookie_test', 'test', $this->timeFacory->getTime() + 3600);
return false;
}
private function isTokenAuthEnforced() {
return $this->config->getSystemValue('token_auth_enforced', false);
}
......@@ -432,7 +442,6 @@ class Session implements IUserSession, Emitter {
*/
public function tryBasicAuthLogin(IRequest $request) {
if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) {
$request = \OC::$server->getRequest();
$result = $this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request);
if ($result === true) {
/**
......
......@@ -311,11 +311,13 @@ class SessionTest extends \Test\TestCase {
->disableOriginalConstructor()
->getMock();
$session = $this->getMock('\OCP\ISession');
$request = $this->getMock('\OCP\IRequest');
$user = $this->getMock('\OCP\IUser');
/** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])
->setMethods(['login'])
->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock();
$this->tokenProvider->expects($this->once())
......@@ -327,7 +329,46 @@ class SessionTest extends \Test\TestCase {
->with('token_auth_enforced', false)
->will($this->returnValue(true));
$this->assertFalse($userSession->logClientIn('john', 'doe'));
$this->assertFalse($userSession->logClientIn('john', 'doe', $request));
}
public function testLogClientInWithTokenPassword() {
$manager = $this->getMockBuilder('\OC\User\Manager')
->disableOriginalConstructor()
->getMock();
$session = $this->getMock('\OCP\ISession');
$request = $this->getMock('\OCP\IRequest');
$user = $this->getMock('\OCP\IUser');
/** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])
->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock();
$userSession->expects($this->once())
->method('isTokenPassword')
->will($this->returnValue(true));
$userSession->expects($this->once())
->method('login')
->with('john', 'doe')
->will($this->returnValue(true));
$userSession->expects($this->once())
->method('supportsCookies')
->with($request)
->will($this->returnValue(true));
$userSession->expects($this->once())
->method('getUser')
->will($this->returnValue($user));
$user->expects($this->once())
->method('getUID')
->will($this->returnValue('user123'));
$userSession->expects($this->once())
->method('createSessionToken')
->with($request, 'user123', 'john', 'doe');
$this->assertTrue($userSession->logClientIn('john', 'doe', $request));
}
public function testLogClientInNoTokenPasswordNo2fa() {
......@@ -336,6 +377,7 @@ class SessionTest extends \Test\TestCase {
->getMock();
$session = $this->getMock('\OCP\ISession');
$user = $this->getMock('\OCP\IUser');
$request = $this->getMock('\OCP\IRequest');
/** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder('\OC\User\Session')
......@@ -357,7 +399,7 @@ class SessionTest extends \Test\TestCase {
->with('john')
->will($this->returnValue(true));
$this->assertFalse($userSession->logClientIn('john', 'doe'));
$this->assertFalse($userSession->logClientIn('john', 'doe', $request));
}
public function testRememberLoginValidToken() {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment