Commit acf8ea1

Merge pull request #44670 from nextcloud/fix/session/no-authtoken-password-no-check
fix(session): Do not update authtoken last_check for passwordless
2 parents a2fefbc + 21ee7f5 commit acf8ea1

2 files changed

+78
-2
lines changed


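--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -767,8 +767,6 @@ private function checkTokenCredentials(IToken $dbToken, $token) {
 return false;
 }
 
-$dbToken->setLastCheck($now);
-$this->tokenProvider->updateToken($dbToken);
 return true;
 }
 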
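--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -11,9 +11,11 @@
 use OC\AppFramework\Http\Request;
 use OC\Authentication\Events\LoginFailed;
 use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
+use OC\Authentication\Token\PublicKeyToken;
 use OC\Security\CSRF\CsrfTokenManager;
 use OC\Session\Memory;
 use OC\User\LoginException;
@@ -35,6 +37,8 @@
 use OCP\User\Events\PostLoginEvent;
 use PHPUnit\Framework\MockObject\MockObject;
 use Psr\Log\LoggerInterface;
+use function array_diff;
+use function get_class_methods;
 
 /**
 * @group DB
@@ -309,6 +313,80 @@ public function testLoginInvalidPassword() {
 $userSession->login('foo', 'bar');
 }
 
+public function testPasswordlessLoginNoLastCheckUpdate(): void {
+$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
+$managerMethods = get_class_methods(Manager::class);
+// Keep following methods intact in order to ensure hooks are working
+$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
+$manager = $this->getMockBuilder(Manager::class)
+->setMethods($mockedManagerMethods)
+->setConstructorArgs([
+$this->config,
+$this->createMock(ICacheFactory::class),
+$this->createMock(IEventDispatcher::class),
+])
+->getMock();
+$userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
+
+$session->expects($this->never())
+->method('set');
+$session->expects($this->once())
+->method('regenerateId');
+$token = new PublicKeyToken();
+$token->setLoginName('foo');
+$token->setLastCheck(0); // Never
+$token->setUid('foo');
+$this->tokenProvider
+->method('getPassword')
+->with($token)
+->willThrowException(new PasswordlessTokenException());
+$this->tokenProvider
+->method('getToken')
+->with('app-password')
+->willReturn($token);
+$this->tokenProvider->expects(self::never())
+->method('updateToken');
+
+$userSession->login('foo', 'app-password');
+}
+
+public function testLoginLastCheckUpdate(): void {
+$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
+$managerMethods = get_class_methods(Manager::class);
+// Keep following methods intact in order to ensure hooks are working
+$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
+$manager = $this->getMockBuilder(Manager::class)
+->setMethods($mockedManagerMethods)
+->setConstructorArgs([
+$this->config,
+$this->createMock(ICacheFactory::class),
+$this->createMock(IEventDispatcher::class),
+])
+->getMock();
+$userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
+
+$session->expects($this->never())
+->method('set');
+$session->expects($this->once())
+->method('regenerateId');
+$token = new PublicKeyToken();
+$token->setLoginName('foo');
+$token->setLastCheck(0); // Never
+$token->setUid('foo');
+$this->tokenProvider
+->method('getPassword')
+->with($token)
+->willReturn('secret');
+$this->tokenProvider
+->method('getToken')
+->with('app-password')
+->willReturn($token);
+$this->tokenProvider->expects(self::once())
+->method('updateToken');
+
+$userSession->login('foo', 'app-password');
+}
+
 public function testLoginNonExisting() {
 $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
 $manager = $this->createMock(Manager::class);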
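Review bot: Both new tests assert only the call count on `updateToken`, so in `testPasswordlessLoginNoLastCheckUpdate` an in-memory change to the token's `lastCheck` that is never persisted would go unnoticed; adding `self::assertSame(0, $token->getLastCheck());` after the `login()` call would pin the property this fix is about. In `testLoginLastCheckUpdate` the expectation could also constrain the argument with `->with($token)`, so the test shows that the token whose password was checked is the one written back. Neither test asserts on the return value of `login()`, so a regression that rejects the passwordless token outright might still pass, since `updateToken` would not be called in that case either. The two methods share roughly thirty identical setup lines and differ only in the `getPassword` stub and the `updateToken` expectation; a private helper or a data provider would keep the two authentication paths from drifting apart.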
