Move logout to controller

Testable code. Yay.
This commit is contained in:
Lukas Reschke 2016-04-18 12:14:07 +02:00
parent 51975d360a
commit 8222ad5157
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
10 changed files with 95 additions and 38 deletions

View File

@ -97,7 +97,8 @@ class Application extends App {
$c->query('UserManager'), $c->query('UserManager'),
$c->query('Config'), $c->query('Config'),
$c->query('Session'), $c->query('Session'),
$c->query('UserSession') $c->query('UserSession'),
$c->query('URLGenerator')
); );
}); });

View File

@ -28,6 +28,7 @@ use OCP\AppFramework\Http\TemplateResponse;
use OCP\IConfig; use OCP\IConfig;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUser; use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
@ -41,6 +42,8 @@ class LoginController extends Controller {
private $session; private $session;
/** @var IUserSession */ /** @var IUserSession */
private $userSession; private $userSession;
/** @var IURLGenerator */
private $urlGenerator;
/** /**
* @param string $appName * @param string $appName
@ -49,18 +52,37 @@ class LoginController extends Controller {
* @param IConfig $config * @param IConfig $config
* @param ISession $session * @param ISession $session
* @param IUserSession $userSession * @param IUserSession $userSession
* @param IURLGenerator $urlGenerator
*/ */
function __construct($appName, function __construct($appName,
IRequest $request, IRequest $request,
IUserManager $userManager, IUserManager $userManager,
IConfig $config, IConfig $config,
ISession $session, ISession $session,
IUserSession $userSession) { IUserSession $userSession,
IURLGenerator $urlGenerator) {
parent::__construct($appName, $request); parent::__construct($appName, $request);
$this->userManager = $userManager; $this->userManager = $userManager;
$this->config = $config; $this->config = $config;
$this->session = $session; $this->session = $session;
$this->userSession = $userSession; $this->userSession = $userSession;
$this->urlGenerator = $urlGenerator;
}
/**
* @NoAdminRequired
* @UseSession
*
* @return RedirectResponse
*/
public function logout() {
$loginToken = $this->request->getCookie('oc_token');
if (!is_null($loginToken)) {
$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
}
$this->userSession->logout();
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
} }
/** /**

View File

@ -43,6 +43,7 @@ $application->registerRoutes($this, [
['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'], ['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'], ['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'], ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
] ]
]); ]);

View File

@ -858,7 +858,7 @@ class OC {
} }
} }
if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { if (!self::$CLI) {
try { try {
if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) { if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
OC_App::loadApps(array('filesystem', 'logging')); OC_App::loadApps(array('filesystem', 'logging'));
@ -897,31 +897,13 @@ class OC {
return; return;
} }
// Redirect to index if the logout link is accessed without valid session
// this is needed to prevent "Token expired" messages while login if a session is expired
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
return;
}
// Someone is logged in // Someone is logged in
if (OC_User::isLoggedIn()) { if (OC_User::isLoggedIn()) {
OC_App::loadApps(); OC_App::loadApps();
OC_User::setupBackends(); OC_User::setupBackends();
OC_Util::setupFS(); OC_Util::setupFS();
if (isset($_GET["logout"]) and ($_GET["logout"])) {
OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) {
\OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
OC_User::logout();
// redirect to webroot and add slash if webroot is empty
header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
} else {
// Redirect to default application // Redirect to default application
OC_Util::redirectToDefaultPage(); OC_Util::redirectToDefaultPage();
}
} else { } else {
// Not handled and not logged in // Not handled and not logged in
self::handleLogin(); self::handleLogin();

View File

@ -179,7 +179,7 @@ class OC_API {
$response = self::mergeResponses($responses); $response = self::mergeResponses($responses);
$format = self::requestedFormat(); $format = self::requestedFormat();
if (self::$logoutRequired) { if (self::$logoutRequired) {
OC_User::logout(); \OC::$server->getUserSession()->logout();
} }
self::respond($response, $format); self::respond($response, $format);

View File

@ -368,7 +368,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
/** /**
* Shortcut for getting cookie variables * Shortcut for getting cookie variables
* @param string $key the key that will be taken from the $_COOKIE array * @param string $key the key that will be taken from the $_COOKIE array
* @return array the value in the $_COOKIE element * @return string the value in the $_COOKIE element
*/ */
public function getCookie($key) { public function getCookie($key) {
return isset($this->cookies[$key]) ? $this->cookies[$key] : null; return isset($this->cookies[$key]) ? $this->cookies[$key] : null;

View File

@ -267,15 +267,6 @@ class OC_User {
} }
} }
/**
* Logs the current user out and kills all the session data
*
* Logout, destroys session
*/
public static function logout() {
self::getUserSession()->logout();
}
/** /**
* Tries to login the user with HTTP Basic Authentication * Tries to login the user with HTTP Basic Authentication
*/ */
@ -342,7 +333,14 @@ class OC_User {
return $backend->getLogoutAttribute(); return $backend->getLogoutAttribute();
} }
return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(\OCP\Util::callRegister()) . '"'; $logoutUrl = \OC::$server->getURLGenerator()->linkToRouteAbsolute(
'core.login.logout',
[
'requesttoken' => \OCP\Util::callRegister(),
]
);
return 'href="'.$logoutUrl.'"';
} }
/** /**

View File

@ -129,7 +129,7 @@ interface IRequest {
* Shortcut for getting cookie variables * Shortcut for getting cookie variables
* *
* @param string $key the key that will be taken from the $_COOKIE array * @param string $key the key that will be taken from the $_COOKIE array
* @return array the value in the $_COOKIE element * @return string the value in the $_COOKIE element
* @since 6.0.0 * @since 6.0.0
*/ */
public function getCookie($key); public function getCookie($key);

View File

@ -119,7 +119,7 @@ class User {
* @since 5.0.0 * @since 5.0.0
*/ */
public static function logout() { public static function logout() {
\OC_User::logout(); \OC::$server->getUserSession()->logout();
} }
/** /**

View File

@ -26,6 +26,7 @@ use OCP\AppFramework\Http\TemplateResponse;
use OCP\IConfig; use OCP\IConfig;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
use Test\TestCase; use Test\TestCase;
@ -43,6 +44,8 @@ class LoginControllerTest extends TestCase {
private $session; private $session;
/** @var IUserSession */ /** @var IUserSession */
private $userSession; private $userSession;
/** @var IURLGenerator */
private $urlGenerator;
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
@ -51,6 +54,7 @@ class LoginControllerTest extends TestCase {
$this->config = $this->getMock('\\OCP\\IConfig'); $this->config = $this->getMock('\\OCP\\IConfig');
$this->session = $this->getMock('\\OCP\\ISession'); $this->session = $this->getMock('\\OCP\\ISession');
$this->userSession = $this->getMock('\\OCP\\IUserSession'); $this->userSession = $this->getMock('\\OCP\\IUserSession');
$this->urlGenerator = $this->getMock('\\OCP\\IURLGenerator');
$this->loginController = new LoginController( $this->loginController = new LoginController(
'core', 'core',
@ -58,10 +62,59 @@ class LoginControllerTest extends TestCase {
$this->userManager, $this->userManager,
$this->config, $this->config,
$this->session, $this->session,
$this->userSession $this->userSession,
$this->urlGenerator
); );
} }
public function testLogoutWithoutToken() {
$this->request
->expects($this->once())
->method('getCookie')
->with('oc_token')
->willReturn(null);
$this->config
->expects($this->never())
->method('deleteUserValue');
$this->urlGenerator
->expects($this->once())
->method('linkToRouteAbsolute')
->with('core.login.showLoginForm')
->willReturn('/login');
$expected = new RedirectResponse('/login');
$this->assertEquals($expected, $this->loginController->logout());
}
public function testLogoutWithToken() {
$this->request
->expects($this->once())
->method('getCookie')
->with('oc_token')
->willReturn('MyLoginToken');
$user = $this->getMock('\\OCP\\IUser');
$user
->expects($this->once())
->method('getUID')
->willReturn('JohnDoe');
$this->userSession
->expects($this->once())
->method('getUser')
->willReturn($user);
$this->config
->expects($this->once())
->method('deleteUserValue')
->with('JohnDoe', 'login_token', 'MyLoginToken');
$this->urlGenerator
->expects($this->once())
->method('linkToRouteAbsolute')
->with('core.login.showLoginForm')
->willReturn('/login');
$expected = new RedirectResponse('/login');
$this->assertEquals($expected, $this->loginController->logout());
}
public function testShowLoginFormForLoggedInUsers() { public function testShowLoginFormForLoggedInUsers() {
$this->userSession $this->userSession
->expects($this->once()) ->expects($this->once())