Unverified Commit c20cdc22 authored by Christoph Wurst's avatar Christoph Wurst

invalidate user session if the user is disabled

parent dec3f9eb
......@@ -206,7 +206,7 @@ class Session implements IUserSession, Emitter {
return;
}
// Check whether login credentials are still valid
// Check whether login credentials are still valid and the user was not disabled
// This check is performed each 5 minutes
$lastCheck = $this->session->get('last_login_check') ? : 0;
$now = $this->timeFacory->getTime();
......@@ -219,8 +219,9 @@ class Session implements IUserSession, Emitter {
return;
}
if ($this->manager->checkPassword($user->getUID(), $pwd) === false) {
// Password has changed -> log user out
if ($this->manager->checkPassword($user->getUID(), $pwd) === false
|| !$user->isEnabled()) {
// Password has changed or user was disabled -> log user out
$this->logout();
return;
}
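Review bot: The new `!$user->isEnabled()` test in the condition sits behind the same five-minute `last_login_check` throttle as the password check, so the session of an account that was just disabled can stay usable until the next check window. `isEnabled()` is presumably far cheaper than `checkPassword()`, which may reach an external backend, so it could run on every request ahead of the throttle, or at least come first in the condition: `if (!$user->isEnabled() || $this->manager->checkPassword($user->getUID(), $pwd) === false) {`. The early `return` just above the condition belongs to code outside the hunk; if it covers tokens that carry no stored password, those sessions would skip the disabled check entirely, which is worth confirming. `validateSession` starts and ends outside both hunks of this file.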
......
......@@ -509,4 +509,51 @@ class SessionTest extends \Test\TestCase {
$this->assertFalse($userSession->tryTokenLogin($request));
}
public function testValidateSessionDisabledUser() {
$userManager = $this->getMock('\OCP\IUserManager');
$session = $this->getMock('\OCP\ISession');
$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
$userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider])
->setMethods(['logout'])
->getMock();
$user = $this->getMock('\OCP\IUser');
$token = $this->getMock('\OC\Authentication\Token\IToken');
$session->expects($this->once())
->method('getId')
->will($this->returnValue('sessionid'));
$tokenProvider->expects($this->once())
->method('getToken')
->with('sessionid')
->will($this->returnValue($token));
$session->expects($this->once())
->method('get')
->with('last_login_check')
->will($this->returnValue(1000));
$timeFactory->expects($this->once())
->method('getTime')
->will($this->returnValue(5000));
$tokenProvider->expects($this->once())
->method('getPassword')
->with($token, 'sessionid')
->will($this->returnValue('123456'));
$user->expects($this->once())
->method('getUID')
->will($this->returnValue('user5'));
$userManager->expects($this->once())
->method('checkPassword')
->with('user5', '123456')
->will($this->returnValue(true));
$user->expects($this->once())
->method('isEnabled')
->will($this->returnValue(false));
$userSession->expects($this->once())
->method('logout');
$this->invokePrivate($userSession, 'validateSession', [$user]);
}
}
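Review bot: The `$this->once()` expectation on `checkPassword` in `testValidateSessionDisabledUser` ties the test to the evaluation order of the condition in `validateSession` rather than to the outcome; a version that checks `isEnabled()` first and short-circuits would fail here although the disabled user is still logged out. Using `$userManager->expects($this->any())` for `checkPassword` keeps the assertion on what matters, `logout` being called exactly once. No counterpart is visible in this hunk asserting that an enabled user with a valid password is not logged out (`$userSession->expects($this->never())->method('logout')`); if none exists elsewhere in the file, adding one would guard against the condition firing for every user.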