parent
51975d360a
commit
8222ad5157
|
@ -97,7 +97,8 @@ class Application extends App {
|
||||||
$c->query('UserManager'),
|
$c->query('UserManager'),
|
||||||
$c->query('Config'),
|
$c->query('Config'),
|
||||||
$c->query('Session'),
|
$c->query('Session'),
|
||||||
$c->query('UserSession')
|
$c->query('UserSession'),
|
||||||
|
$c->query('URLGenerator')
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -28,6 +28,7 @@ use OCP\AppFramework\Http\TemplateResponse;
|
||||||
use OCP\IConfig;
|
use OCP\IConfig;
|
||||||
use OCP\IRequest;
|
use OCP\IRequest;
|
||||||
use OCP\ISession;
|
use OCP\ISession;
|
||||||
|
use OCP\IURLGenerator;
|
||||||
use OCP\IUser;
|
use OCP\IUser;
|
||||||
use OCP\IUserManager;
|
use OCP\IUserManager;
|
||||||
use OCP\IUserSession;
|
use OCP\IUserSession;
|
||||||
|
@ -41,6 +42,8 @@ class LoginController extends Controller {
|
||||||
private $session;
|
private $session;
|
||||||
/** @var IUserSession */
|
/** @var IUserSession */
|
||||||
private $userSession;
|
private $userSession;
|
||||||
|
/** @var IURLGenerator */
|
||||||
|
private $urlGenerator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $appName
|
* @param string $appName
|
||||||
|
@ -49,18 +52,37 @@ class LoginController extends Controller {
|
||||||
* @param IConfig $config
|
* @param IConfig $config
|
||||||
* @param ISession $session
|
* @param ISession $session
|
||||||
* @param IUserSession $userSession
|
* @param IUserSession $userSession
|
||||||
|
* @param IURLGenerator $urlGenerator
|
||||||
*/
|
*/
|
||||||
function __construct($appName,
|
function __construct($appName,
|
||||||
IRequest $request,
|
IRequest $request,
|
||||||
IUserManager $userManager,
|
IUserManager $userManager,
|
||||||
IConfig $config,
|
IConfig $config,
|
||||||
ISession $session,
|
ISession $session,
|
||||||
IUserSession $userSession) {
|
IUserSession $userSession,
|
||||||
|
IURLGenerator $urlGenerator) {
|
||||||
parent::__construct($appName, $request);
|
parent::__construct($appName, $request);
|
||||||
$this->userManager = $userManager;
|
$this->userManager = $userManager;
|
||||||
$this->config = $config;
|
$this->config = $config;
|
||||||
$this->session = $session;
|
$this->session = $session;
|
||||||
$this->userSession = $userSession;
|
$this->userSession = $userSession;
|
||||||
|
$this->urlGenerator = $urlGenerator;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @NoAdminRequired
|
||||||
|
* @UseSession
|
||||||
|
*
|
||||||
|
* @return RedirectResponse
|
||||||
|
*/
|
||||||
|
public function logout() {
|
||||||
|
$loginToken = $this->request->getCookie('oc_token');
|
||||||
|
if (!is_null($loginToken)) {
|
||||||
|
$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
|
||||||
|
}
|
||||||
|
$this->userSession->logout();
|
||||||
|
|
||||||
|
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -43,6 +43,7 @@ $application->registerRoutes($this, [
|
||||||
['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
|
['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
|
||||||
['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
|
['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
|
||||||
['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
|
['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
|
||||||
|
['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
|
||||||
]
|
]
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
|
20
lib/base.php
20
lib/base.php
|
@ -858,7 +858,7 @@ class OC {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
|
if (!self::$CLI) {
|
||||||
try {
|
try {
|
||||||
if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
|
if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
|
||||||
OC_App::loadApps(array('filesystem', 'logging'));
|
OC_App::loadApps(array('filesystem', 'logging'));
|
||||||
|
@ -897,31 +897,13 @@ class OC {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Redirect to index if the logout link is accessed without valid session
|
|
||||||
// this is needed to prevent "Token expired" messages while login if a session is expired
|
|
||||||
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
|
|
||||||
if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
|
|
||||||
header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Someone is logged in
|
// Someone is logged in
|
||||||
if (OC_User::isLoggedIn()) {
|
if (OC_User::isLoggedIn()) {
|
||||||
OC_App::loadApps();
|
OC_App::loadApps();
|
||||||
OC_User::setupBackends();
|
OC_User::setupBackends();
|
||||||
OC_Util::setupFS();
|
OC_Util::setupFS();
|
||||||
if (isset($_GET["logout"]) and ($_GET["logout"])) {
|
|
||||||
OC_JSON::callCheck();
|
|
||||||
if (isset($_COOKIE['oc_token'])) {
|
|
||||||
\OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
|
|
||||||
}
|
|
||||||
OC_User::logout();
|
|
||||||
// redirect to webroot and add slash if webroot is empty
|
|
||||||
header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
|
|
||||||
} else {
|
|
||||||
// Redirect to default application
|
// Redirect to default application
|
||||||
OC_Util::redirectToDefaultPage();
|
OC_Util::redirectToDefaultPage();
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
// Not handled and not logged in
|
// Not handled and not logged in
|
||||||
self::handleLogin();
|
self::handleLogin();
|
||||||
|
|
|
@ -179,7 +179,7 @@ class OC_API {
|
||||||
$response = self::mergeResponses($responses);
|
$response = self::mergeResponses($responses);
|
||||||
$format = self::requestedFormat();
|
$format = self::requestedFormat();
|
||||||
if (self::$logoutRequired) {
|
if (self::$logoutRequired) {
|
||||||
OC_User::logout();
|
\OC::$server->getUserSession()->logout();
|
||||||
}
|
}
|
||||||
|
|
||||||
self::respond($response, $format);
|
self::respond($response, $format);
|
||||||
|
|
|
@ -368,7 +368,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
|
||||||
/**
|
/**
|
||||||
* Shortcut for getting cookie variables
|
* Shortcut for getting cookie variables
|
||||||
* @param string $key the key that will be taken from the $_COOKIE array
|
* @param string $key the key that will be taken from the $_COOKIE array
|
||||||
* @return array the value in the $_COOKIE element
|
* @return string the value in the $_COOKIE element
|
||||||
*/
|
*/
|
||||||
public function getCookie($key) {
|
public function getCookie($key) {
|
||||||
return isset($this->cookies[$key]) ? $this->cookies[$key] : null;
|
return isset($this->cookies[$key]) ? $this->cookies[$key] : null;
|
||||||
|
|
|
@ -267,15 +267,6 @@ class OC_User {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Logs the current user out and kills all the session data
|
|
||||||
*
|
|
||||||
* Logout, destroys session
|
|
||||||
*/
|
|
||||||
public static function logout() {
|
|
||||||
self::getUserSession()->logout();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tries to login the user with HTTP Basic Authentication
|
* Tries to login the user with HTTP Basic Authentication
|
||||||
*/
|
*/
|
||||||
|
@ -342,7 +333,14 @@ class OC_User {
|
||||||
return $backend->getLogoutAttribute();
|
return $backend->getLogoutAttribute();
|
||||||
}
|
}
|
||||||
|
|
||||||
return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(\OCP\Util::callRegister()) . '"';
|
$logoutUrl = \OC::$server->getURLGenerator()->linkToRouteAbsolute(
|
||||||
|
'core.login.logout',
|
||||||
|
[
|
||||||
|
'requesttoken' => \OCP\Util::callRegister(),
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
return 'href="'.$logoutUrl.'"';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -129,7 +129,7 @@ interface IRequest {
|
||||||
* Shortcut for getting cookie variables
|
* Shortcut for getting cookie variables
|
||||||
*
|
*
|
||||||
* @param string $key the key that will be taken from the $_COOKIE array
|
* @param string $key the key that will be taken from the $_COOKIE array
|
||||||
* @return array the value in the $_COOKIE element
|
* @return string the value in the $_COOKIE element
|
||||||
* @since 6.0.0
|
* @since 6.0.0
|
||||||
*/
|
*/
|
||||||
public function getCookie($key);
|
public function getCookie($key);
|
||||||
|
|
|
@ -119,7 +119,7 @@ class User {
|
||||||
* @since 5.0.0
|
* @since 5.0.0
|
||||||
*/
|
*/
|
||||||
public static function logout() {
|
public static function logout() {
|
||||||
\OC_User::logout();
|
\OC::$server->getUserSession()->logout();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -26,6 +26,7 @@ use OCP\AppFramework\Http\TemplateResponse;
|
||||||
use OCP\IConfig;
|
use OCP\IConfig;
|
||||||
use OCP\IRequest;
|
use OCP\IRequest;
|
||||||
use OCP\ISession;
|
use OCP\ISession;
|
||||||
|
use OCP\IURLGenerator;
|
||||||
use OCP\IUserManager;
|
use OCP\IUserManager;
|
||||||
use OCP\IUserSession;
|
use OCP\IUserSession;
|
||||||
use Test\TestCase;
|
use Test\TestCase;
|
||||||
|
@ -43,6 +44,8 @@ class LoginControllerTest extends TestCase {
|
||||||
private $session;
|
private $session;
|
||||||
/** @var IUserSession */
|
/** @var IUserSession */
|
||||||
private $userSession;
|
private $userSession;
|
||||||
|
/** @var IURLGenerator */
|
||||||
|
private $urlGenerator;
|
||||||
|
|
||||||
public function setUp() {
|
public function setUp() {
|
||||||
parent::setUp();
|
parent::setUp();
|
||||||
|
@ -51,6 +54,7 @@ class LoginControllerTest extends TestCase {
|
||||||
$this->config = $this->getMock('\\OCP\\IConfig');
|
$this->config = $this->getMock('\\OCP\\IConfig');
|
||||||
$this->session = $this->getMock('\\OCP\\ISession');
|
$this->session = $this->getMock('\\OCP\\ISession');
|
||||||
$this->userSession = $this->getMock('\\OCP\\IUserSession');
|
$this->userSession = $this->getMock('\\OCP\\IUserSession');
|
||||||
|
$this->urlGenerator = $this->getMock('\\OCP\\IURLGenerator');
|
||||||
|
|
||||||
$this->loginController = new LoginController(
|
$this->loginController = new LoginController(
|
||||||
'core',
|
'core',
|
||||||
|
@ -58,10 +62,59 @@ class LoginControllerTest extends TestCase {
|
||||||
$this->userManager,
|
$this->userManager,
|
||||||
$this->config,
|
$this->config,
|
||||||
$this->session,
|
$this->session,
|
||||||
$this->userSession
|
$this->userSession,
|
||||||
|
$this->urlGenerator
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testLogoutWithoutToken() {
|
||||||
|
$this->request
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getCookie')
|
||||||
|
->with('oc_token')
|
||||||
|
->willReturn(null);
|
||||||
|
$this->config
|
||||||
|
->expects($this->never())
|
||||||
|
->method('deleteUserValue');
|
||||||
|
$this->urlGenerator
|
||||||
|
->expects($this->once())
|
||||||
|
->method('linkToRouteAbsolute')
|
||||||
|
->with('core.login.showLoginForm')
|
||||||
|
->willReturn('/login');
|
||||||
|
|
||||||
|
$expected = new RedirectResponse('/login');
|
||||||
|
$this->assertEquals($expected, $this->loginController->logout());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testLogoutWithToken() {
|
||||||
|
$this->request
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getCookie')
|
||||||
|
->with('oc_token')
|
||||||
|
->willReturn('MyLoginToken');
|
||||||
|
$user = $this->getMock('\\OCP\\IUser');
|
||||||
|
$user
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('JohnDoe');
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($user);
|
||||||
|
$this->config
|
||||||
|
->expects($this->once())
|
||||||
|
->method('deleteUserValue')
|
||||||
|
->with('JohnDoe', 'login_token', 'MyLoginToken');
|
||||||
|
$this->urlGenerator
|
||||||
|
->expects($this->once())
|
||||||
|
->method('linkToRouteAbsolute')
|
||||||
|
->with('core.login.showLoginForm')
|
||||||
|
->willReturn('/login');
|
||||||
|
|
||||||
|
$expected = new RedirectResponse('/login');
|
||||||
|
$this->assertEquals($expected, $this->loginController->logout());
|
||||||
|
}
|
||||||
|
|
||||||
public function testShowLoginFormForLoggedInUsers() {
|
public function testShowLoginFormForLoggedInUsers() {
|
||||||
$this->userSession
|
$this->userSession
|
||||||
->expects($this->once())
|
->expects($this->once())
|
||||||
|
|
Loading…
Reference in New Issue