From 2eadf9d567379e04a0dd8b483e6fe7e3e926716b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Tue, 21 Apr 2020 10:54:22 +0200
Subject: [PATCH] Do not create remember me cookie
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 .../Login/FinishRememberedLoginCommand.php    |  8 ++++--
 .../FinishRememberedLoginCommandTest.php      | 25 ++++++++++++++++++-
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/lib/private/Authentication/Login/FinishRememberedLoginCommand.php b/lib/private/Authentication/Login/FinishRememberedLoginCommand.php
index 1d33f103fd..8f60c893ec 100644
--- a/lib/private/Authentication/Login/FinishRememberedLoginCommand.php
+++ b/lib/private/Authentication/Login/FinishRememberedLoginCommand.php
@@ -26,18 +26,22 @@ declare(strict_types=1);
 namespace OC\Authentication\Login;
 
 use OC\User\Session;
+use OCP\IConfig;
 
 class FinishRememberedLoginCommand extends ALoginCommand {
 
 	/** @var Session */
 	private $userSession;
+	/** @var IConfig */
+	private $config;
 
-	public function __construct(Session $userSession) {
+	public function __construct(Session $userSession, IConfig $config) {
 		$this->userSession = $userSession;
+		$this->config = $config;
 	}
 
 	public function process(LoginData $loginData): LoginResult {
-		if ($loginData->isRememberLogin()) {
+		if ($loginData->isRememberLogin() && $this->config->getSystemValue('auto_logout', false) === false) {
 			$this->userSession->createRememberMeToken($loginData->getUser());
 		}
 
diff --git a/tests/lib/Authentication/Login/FinishRememberedLoginCommandTest.php b/tests/lib/Authentication/Login/FinishRememberedLoginCommandTest.php
index 98df129771..7b46121945 100644
--- a/tests/lib/Authentication/Login/FinishRememberedLoginCommandTest.php
+++ b/tests/lib/Authentication/Login/FinishRememberedLoginCommandTest.php
@@ -27,20 +27,25 @@ namespace lib\Authentication\Login;
 
 use OC\Authentication\Login\FinishRememberedLoginCommand;
 use OC\User\Session;
+use OCP\IConfig;
 use PHPUnit\Framework\MockObject\MockObject;
 
 class FinishRememberedLoginCommandTest extends ALoginCommandTest {
 
 	/** @var Session|MockObject */
 	private $userSession;
+	/** @var IConfig|MockObject */
+	private $config;
 
 	protected function setUp(): void {
 		parent::setUp();
 
 		$this->userSession = $this->createMock(Session::class);
+		$this->config = $this->createMock(IConfig::class);
 
 		$this->cmd = new FinishRememberedLoginCommand(
-			$this->userSession
+			$this->userSession,
+			$this->config
 		);
 	}
 
@@ -57,6 +62,10 @@ class FinishRememberedLoginCommandTest extends ALoginCommandTest {
 
 	public function testProcess() {
 		$data = $this->getLoggedInLoginData();
+		$this->config->expects($this->once())
+			->method('getSystemValue')
+			->with('auto_logout', false)
+			->willReturn(false);
 		$this->userSession->expects($this->once())
 			->method('createRememberMeToken')
 			->with($this->user);
@@ -65,4 +74,18 @@ class FinishRememberedLoginCommandTest extends ALoginCommandTest {
 
 		$this->assertTrue($result->isSuccess());
 	}
+
+	public function testProcessNotRemeberedLoginWithAutologout() {
+		$data = $this->getLoggedInLoginData();
+		$this->config->expects($this->once())
+			->method('getSystemValue')
+			->with('auto_logout', false)
+			->willReturn(true);
+		$this->userSession->expects($this->never())
+			->method('createRememberMeToken');
+
+		$result = $this->cmd->process($data);
+
+		$this->assertTrue($result->isSuccess());
+	}
 }