From 6f86e468d4d9bcf50143e37905923d74ac423a7e Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Mon, 31 Oct 2016 09:36:55 +0100 Subject: [PATCH] inject ISecureRandom into user session and use injected config too Signed-off-by: Christoph Wurst --- lib/private/Server.php | 2 +- lib/private/User/Session.php | 29 +++++---- tests/lib/User/SessionTest.php | 109 ++++++++++++++++++--------------- 3 files changed, 79 insertions(+), 61 deletions(-) diff --git a/lib/private/Server.php b/lib/private/Server.php index 7931e08074..d911d60303 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -242,7 +242,7 @@ class Server extends ServerContainer implements IServerContainer { $defaultTokenProvider = null; } - $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig()); + $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom()); $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) { \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password)); }); diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 68f17747a0..7215cbe418 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -48,6 +48,7 @@ use OCP\ISession; use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; +use OCP\Security\ISecureRandom; use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Util; @@ -89,23 +90,29 @@ class Session implements IUserSession, Emitter { /** @var User $activeUser */ protected $activeUser; + /** @var ISecureRandom */ + private $random; + /** * @param IUserManager $manager * @param ISession $session * @param ITimeFactory $timeFacory * @param IProvider $tokenProvider * @param IConfig $config + * @param ISecureRandom $random */ public function __construct(IUserManager $manager, ISession $session, ITimeFactory $timeFacory, $tokenProvider, - IConfig $config) { + IConfig $config, + ISecureRandom $random) { $this->manager = $manager; $this->session = $session; $this->timeFacory = $timeFacory; $this->tokenProvider = $tokenProvider; $this->config = $config; + $this->random = $random; } /** @@ -701,7 +708,7 @@ class Session implements IUserSession, Emitter { } // replace successfully used token with a new one $this->config->deleteUserValue($uid, 'login_token', $currentToken); - $newToken = OC::$server->getSecureRandom()->generate(32); + $newToken = $this->random->generate(32); $this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFacory->getTime()); try { @@ -726,8 +733,8 @@ class Session implements IUserSession, Emitter { * @param IUser $user */ public function createRememberMeToken(IUser $user) { - $token = OC::$server->getSecureRandom()->generate(32); - $this->config->setUserValue($user->getUID(), 'login_token', $token, time()); + $token = $this->random->generate(32); + $this->config->setUserValue($user->getUID(), 'login_token', $token, $this->timeFacory->getTime()); $this->setMagicInCookie($user->getUID(), $token); } @@ -763,7 +770,7 @@ class Session implements IUserSession, Emitter { $webRoot = '/'; } - $expires = $this->timeFacory->getTime() + OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); + $expires = $this->timeFacory->getTime() + $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true); setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true); try { @@ -783,14 +790,14 @@ class Session implements IUserSession, Emitter { unset($_COOKIE['nc_username']); //TODO: DI unset($_COOKIE['nc_token']); unset($_COOKIE['nc_session_id']); - setcookie('nc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); - setcookie('nc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); - setcookie('nc_session_id', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); + setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); + setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); + setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); // old cookies might be stored under /webroot/ instead of /webroot // and Firefox doesn't like it! - setcookie('nc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); - setcookie('nc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); - setcookie('nc_session_id', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); + setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); + setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); + setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); } /** diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index c324870a60..f4237e94cd 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -39,8 +39,10 @@ class SessionTest extends \Test\TestCase { protected $tokenProvider; /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */ private $config; - /** @var Throttler */ + /** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */ private $throttler; + /** @var ISecureRandom|\PHPUnit_Framework_MockObject_MockObject */ + private $random; protected function setUp() { parent::setUp(); @@ -52,6 +54,7 @@ class SessionTest extends \Test\TestCase { $this->tokenProvider = $this->createMock(IProvider::class); $this->config = $this->createMock(IConfig::class); $this->throttler = $this->createMock(Throttler::class); + $this->random = $this->createMock(ISecureRandom::class); \OC_User::setIncognitoMode(false); } @@ -107,7 +110,7 @@ class SessionTest extends \Test\TestCase { ->with($expectedUser->getUID()) ->will($this->returnValue($expectedUser)); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $user = $userSession->getUser(); $this->assertSame($expectedUser, $user); $this->assertSame(10000, $token->getLastCheck()); @@ -129,7 +132,7 @@ class SessionTest extends \Test\TestCase { $manager = $this->createMock(Manager::class); $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setMethods([ 'getUser' ]) @@ -156,7 +159,7 @@ class SessionTest extends \Test\TestCase { ->method('getUID') ->will($this->returnValue('foo')); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession->setUser($user); } @@ -185,8 +188,8 @@ class SessionTest extends \Test\TestCase { $managerMethods = get_class_methods(Manager::class); //keep following methods intact in order to ensure hooks are working $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']); - $manager = $this->getMockBuilder(Manager::class)->setMethods($mockedManagerMethods)->getMock(); - ->setMethods($managerMethods) + $manager = $this->getMockBuilder(Manager::class) + ->setMethods($mockedManagerMethods) ->setConstructorArgs([$this->config]) ->getMock(); @@ -208,7 +211,7 @@ class SessionTest extends \Test\TestCase { ->will($this->returnValue($user)); $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setMethods([ 'prepareUserLogin' ]) @@ -236,8 +239,8 @@ class SessionTest extends \Test\TestCase { $managerMethods = get_class_methods(\OC\User\Manager::class); //keep following methods intact in order to ensure hooks are working $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']); - $manager = $this->getMockBuilder(Manager::class)->setMethods($mockedManagerMethods)->getMock(); - ->setMethods($managerMethods) + $manager = $this->getMockBuilder(Manager::class) + ->setMethods($mockedManagerMethods) ->setConstructorArgs([$this->config]) ->getMock(); @@ -255,7 +258,7 @@ class SessionTest extends \Test\TestCase { ->with('foo', 'bar') ->will($this->returnValue($user)); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession->login('foo', 'bar'); } @@ -264,12 +267,12 @@ class SessionTest extends \Test\TestCase { $managerMethods = get_class_methods(\OC\User\Manager::class); //keep following methods intact in order to ensure hooks are working $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']); - $manager = $this->getMockBuilder(Manager::class)->setMethods($mockedManagerMethods)->getMock(); - ->setMethods($managerMethods) + $manager = $this->getMockBuilder(Manager::class) + ->setMethods($mockedManagerMethods) ->setConstructorArgs([$this->config]) ->getMock(); $backend = $this->createMock(\Test\Util\User\Dummy::class); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $user = $this->getMockBuilder(User::class)->setConstructorArgs(['foo', $backend])->getMock(); @@ -298,7 +301,7 @@ class SessionTest extends \Test\TestCase { public function testLoginNonExisting() { $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); $manager = $this->createMock(Manager::class); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $session->expects($this->never()) ->method('set'); @@ -324,7 +327,7 @@ class SessionTest extends \Test\TestCase { public function testLoginWithDifferentTokenLoginName() { $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); $manager = $this->createMock(Manager::class); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $username = 'user123'; $token = new \OC\Authentication\Token\DefaultToken(); $token->setLoginName($username); @@ -356,7 +359,7 @@ class SessionTest extends \Test\TestCase { /** @var \OC\User\Session $userSession */ $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser']) ->getMock(); @@ -392,7 +395,7 @@ class SessionTest extends \Test\TestCase { /** @var Session $userSession */ $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser']) ->getMock(); @@ -415,7 +418,7 @@ class SessionTest extends \Test\TestCase { /** @var \OC\User\Session $userSession */ $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser']) ->getMock(); @@ -457,7 +460,7 @@ class SessionTest extends \Test\TestCase { /** @var \OC\User\Session $userSession */ $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setMethods(['login', 'isTwoFactorEnforced']) ->getMock(); @@ -497,20 +500,20 @@ class SessionTest extends \Test\TestCase { $managerMethods = get_class_methods(\OC\User\Manager::class); //keep following methods intact in order to ensure hooks are working $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']); - $manager = $this->getMockBuilder(Manager::class)->setMethods($mockedManagerMethods)->getMock(); + $manager = $this->getMockBuilder(Manager::class) + ->setMethods($mockedManagerMethods) + ->setConstructorArgs([$this->config]) + ->getMock(); $userSession = $this->getMockBuilder(Session::class) //override, otherwise tests will fail because of setcookie() ->setMethods(['setMagicInCookie']) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->getMock(); $user = $this->createMock(IUser::class); $token = 'goodToken'; $oldSessionId = 'sess321'; $sessionId = 'sess123'; - ->setMethods($managerMethods) - ->setConstructorArgs([$this->config]) - ->getMock(); $session->expects($this->once()) ->method('regenerateId'); @@ -525,8 +528,13 @@ class SessionTest extends \Test\TestCase { $this->config->expects($this->once()) ->method('deleteUserValue') ->with('foo', 'login_token', $token); + $this->random->expects($this->once()) + ->method('generate') + ->with(32) + ->will($this->returnValue('abcdefg123456')); $this->config->expects($this->once()) - ->method('setUserValue'); // TODO: mock new random value + ->method('setUserValue') + ->with('foo', 'login_token', 'abcdefg123456', 10000); $session->expects($this->once()) ->method('getId') @@ -557,11 +565,14 @@ class SessionTest extends \Test\TestCase { $managerMethods = get_class_methods(\OC\User\Manager::class); //keep following methods intact in order to ensure hooks are working $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']); - $manager = $this->getMockBuilder(Manager::class)->setMethods($mockedManagerMethods)->getMock(); + $manager = $this->getMockBuilder(Manager::class) + ->setMethods($mockedManagerMethods) + ->setConstructorArgs([$this->config]) + ->getMock(); $userSession = $this->getMockBuilder(Session::class) //override, otherwise tests will fail because of setcookie() ->setMethods(['setMagicInCookie']) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->getMock(); $user = $this->createMock(IUser::class); @@ -592,9 +603,6 @@ class SessionTest extends \Test\TestCase { ->method('renewSessionToken') ->with($oldSessionId, $sessionId) ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException())); - ->setMethods($managerMethods) - ->setConstructorArgs([$this->config]) - ->getMock(); $user->expects($this->never()) ->method('getUID') @@ -617,11 +625,14 @@ class SessionTest extends \Test\TestCase { $managerMethods = get_class_methods(\OC\User\Manager::class); //keep following methods intact in order to ensure hooks are working $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']); - $manager = $this->getMockBuilder(Manager::class)->setMethods($mockedManagerMethods)->getMock(); + $manager = $this->getMockBuilder(Manager::class) + ->setMethods($mockedManagerMethods) + ->setConstructorArgs([$this->config]) + ->getMock(); $userSession = $this->getMockBuilder(Session::class) //override, otherwise tests will fail because of setcookie() ->setMethods(['setMagicInCookie']) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->getMock(); $user = $this->createMock(IUser::class); @@ -662,20 +673,20 @@ class SessionTest extends \Test\TestCase { $managerMethods = get_class_methods(\OC\User\Manager::class); //keep following methods intact in order to ensure hooks are working $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']); - $manager = $this->getMockBuilder(Manager::class)->setMethods($mockedManagerMethods)->getMock(); + $manager = $this->getMockBuilder(Manager::class) + ->setMethods($mockedManagerMethods) + ->setConstructorArgs([$this->config]) + ->getMock(); $userSession = $this->getMockBuilder(Session::class) //override, otherwise tests will fail because of setcookie() ->setMethods(['setMagicInCookie']) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->getMock(); $token = 'goodToken'; $oldSessionId = 'sess321'; $session->expects($this->once()) ->method('regenerateId'); - ->setMethods($managerMethods) - ->setConstructorArgs([$this->config]) - ->getMock(); $manager->expects($this->once()) ->method('get') ->with('foo') @@ -717,7 +728,7 @@ class SessionTest extends \Test\TestCase { $session = new Memory(''); $session->set('user_id', 'foo'); $userSession = $this->getMockBuilder('\OC\User\Session') - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setMethods([ 'validateSession' ]) @@ -738,7 +749,7 @@ class SessionTest extends \Test\TestCase { $session = $this->createMock(ISession::class); $token = $this->createMock(IToken::class); $user = $this->createMock(IUser::class); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $random = $this->createMock(ISecureRandom::class); $config = $this->createMock(IConfig::class); @@ -782,7 +793,7 @@ class SessionTest extends \Test\TestCase { $session = $this->createMock(ISession::class); $token = $this->createMock(IToken::class); $user = $this->createMock(IUser::class); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $random = $this->createMock(ISecureRandom::class); $config = $this->createMock(IConfig::class); @@ -829,7 +840,7 @@ class SessionTest extends \Test\TestCase { ->disableOriginalConstructor() ->getMock(); $session = $this->createMock(ISession::class); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config); + $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $request = $this->createMock(IRequest::class); $uid = 'user123'; @@ -859,7 +870,7 @@ class SessionTest extends \Test\TestCase { $user = $this->createMock(IUser::class); $userSession = $this->getMockBuilder('\OC\User\Session') ->setMethods(['logout']) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->getMock(); $request = $this->createMock(IRequest::class); @@ -888,7 +899,7 @@ class SessionTest extends \Test\TestCase { $timeFactory = $this->createMock(ITimeFactory::class); $tokenProvider = $this->createMock(IProvider::class); $userSession = $this->getMockBuilder('\OC\User\Session') - ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config]) + ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random]) ->setMethods(['logout']) ->getMock(); @@ -935,7 +946,7 @@ class SessionTest extends \Test\TestCase { $timeFactory = $this->createMock(ITimeFactory::class); $tokenProvider = $this->createMock(IProvider::class); $userSession = $this->getMockBuilder('\OC\User\Session') - ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config]) + ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random]) ->setMethods(['logout']) ->getMock(); @@ -969,7 +980,7 @@ class SessionTest extends \Test\TestCase { $session = $this->createMock(ISession::class); $timeFactory = $this->createMock(ITimeFactory::class); $tokenProvider = $this->createMock(IProvider::class); - $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config); + $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $password = '123456'; $sessionId = 'session1234'; @@ -994,7 +1005,7 @@ class SessionTest extends \Test\TestCase { $session = $this->createMock(ISession::class); $timeFactory = $this->createMock(ITimeFactory::class); $tokenProvider = $this->createMock(IProvider::class); - $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config); + $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $session->expects($this->once()) ->method('getId') @@ -1008,7 +1019,7 @@ class SessionTest extends \Test\TestCase { $session = $this->createMock(ISession::class); $timeFactory = $this->createMock(ITimeFactory::class); $tokenProvider = $this->createMock(IProvider::class); - $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config); + $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $password = '123456'; $sessionId = 'session1234'; @@ -1048,7 +1059,7 @@ class SessionTest extends \Test\TestCase { $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); /** @var \OC\User\Session $userSession */ - $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config); + $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random); $mapper->expects($this->any()) ->method('getToken') @@ -1098,7 +1109,7 @@ class SessionTest extends \Test\TestCase { $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); /** @var \OC\User\Session $userSession */ - $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config); + $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random); $mapper->expects($this->any()) ->method('getToken')