mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Save the scope of an auth token in the session 

Signed-off-by: Robin Appelman <robin@icewind.nl>
This commit is contained in:
Robin Appelman 2017-02-17 15:40:20 +01:00 committed by Lukas Reschke
parent 6bdd3a167d
commit baec42e80a
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
5 changed files with 118 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
lib/private/Lockdown/LockdownManager.php
View File

@ -20,27 +20,60 @@
namespace OC\Lockdown; namespace OC\Lockdown;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
use OCP\ISession;
use OCP\Lockdown\ILockdownManager; use OCP\Lockdown\ILockdownManager;
class LockdownManager implements ILockdownManager { class LockdownManager implements ILockdownManager {
/** @var ISession */
private $sessionCallback;
private $enabled = false; private $enabled = false;
/** @var array|null */ /** @var array|null */
private $scope; private $scope;
/**
* LockdownManager constructor.
*
* @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops
*/
public function __construct(callable $sessionCallback) {
$this->sessionCallback = $sessionCallback;
}
public function enable() { public function enable() {
$this->enabled = true; $this->enabled = true;
} }
/**
* @return ISession
*/
private function getSession() {
$callback = $this->sessionCallback;
return $callback();
}
private function getScopeAsArray() {
if (!$this->scope) {
$session = $this->getSession();
$sessionScope = $session->get('token_scope');
if ($sessionScope) {
$this->scope = $sessionScope;
}
}
return $this->scope;
}
public function setToken(IToken $token) { public function setToken(IToken $token) {
$this->scope = $token->getScopeAsArray(); $this->scope = $token->getScopeAsArray();
$session = $this->getSession();
$session->set('token_scope', $this->scope);
$this->enable(); $this->enable();
} }
public function canAccessFilesystem() { public function canAccessFilesystem() {
if (!$this->enabled) { $scope = $this->getScopeAsArray();
return true; return !$scope || $scope['filesystem'];
}
return !$this->scope || $this->scope['filesystem'];
} }
} }

6
lib/private/Server.php
View File

@ -307,7 +307,7 @@ class Server extends ServerContainer implements IServerContainer {
$defaultTokenProvider = null; $defaultTokenProvider = null;
} }
$userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom()); $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom(), $c->getLockdownManager());
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) { $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password)); \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
}); });
@ -930,7 +930,9 @@ class Server extends ServerContainer implements IServerContainer {
}); });
$this->registerService('LockdownManager', function (Server $c) { $this->registerService('LockdownManager', function (Server $c) {
return new LockdownManager(); return new LockdownManager(function() use ($c) {
return $c->getSession();
});
}); });
$this->registerService(ICloudIdManager::class, function (Server $c) { $this->registerService(ICloudIdManager::class, function (Server $c) {

45
lib/private/User/Session.php
View File

@ -51,6 +51,7 @@ use OCP\ISession;
use OCP\IUser; use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
use OCP\Lockdown\ILockdownManager;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Session\Exceptions\SessionNotAvailableException;
use OCP\Util; use OCP\Util;
@ -84,7 +85,7 @@ class Session implements IUserSession, Emitter {
private $session; private $session;
/** @var ITimeFactory */ /** @var ITimeFactory */
private $timeFacory; private $timeFactory;
/** @var IProvider */ /** @var IProvider */
private $tokenProvider; private $tokenProvider;
@ -98,26 +99,33 @@ class Session implements IUserSession, Emitter {
/** @var ISecureRandom */ /** @var ISecureRandom */
private $random; private $random;
/** @var ILockdownManager */
private $lockdownManager;
/** /**
* @param IUserManager $manager * @param IUserManager $manager
* @param ISession $session * @param ISession $session
* @param ITimeFactory $timeFacory * @param ITimeFactory $timeFactory
* @param IProvider $tokenProvider * @param IProvider $tokenProvider
* @param IConfig $config * @param IConfig $config
* @param ISecureRandom $random * @param ISecureRandom $random
* @param ILockdownManager $lockdownManager
*/ */
public function __construct(IUserManager $manager, public function __construct(IUserManager $manager,
ISession $session, ISession $session,
ITimeFactory $timeFacory, ITimeFactory $timeFactory,
$tokenProvider, $tokenProvider,
IConfig $config, IConfig $config,
ISecureRandom $random) { ISecureRandom $random,
ILockdownManager $lockdownManager
) {
$this->manager = $manager; $this->manager = $manager;
$this->session = $session; $this->session = $session;
$this->timeFacory = $timeFacory; $this->timeFactory = $timeFactory;
$this->tokenProvider = $tokenProvider; $this->tokenProvider = $tokenProvider;
$this->config = $config; $this->config = $config;
$this->random = $random; $this->random = $random;
$this->lockdownManager = $lockdownManager;
} }
/** /**
@ -374,7 +382,7 @@ class Session implements IUserSession, Emitter {
if (!is_null($request->getCookie('cookie_test'))) { if (!is_null($request->getCookie('cookie_test'))) {
return true; return true;
} }
setcookie('cookie_test', 'test', $this->timeFacory->getTime() + 3600); setcookie('cookie_test', 'test', $this->timeFactory->getTime() + 3600);
return false; return false;
} }
@ -464,7 +472,7 @@ class Session implements IUserSession, Emitter {
); );
// Set the last-password-confirm session to make the sudo mode work // Set the last-password-confirm session to make the sudo mode work
$this->session->set('last-password-confirm', $this->timeFacory->getTime()); $this->session->set('last-password-confirm', $this->timeFactory->getTime());
return true; return true;
} }
@ -550,7 +558,7 @@ class Session implements IUserSession, Emitter {
$this->setUser($user); $this->setUser($user);
$this->setLoginName($dbToken->getLoginName()); $this->setLoginName($dbToken->getLoginName());
$this->setToken($dbToken->getId()); $this->setToken($dbToken->getId());
\OC::$server->getLockdownManager()->setToken($dbToken); $this->lockdownManager->setToken($dbToken);
$this->manager->emit('\OC\User', 'postLogin', array($user, $password)); $this->manager->emit('\OC\User', 'postLogin', array($user, $password));
if ($this->isLoggedIn()) { if ($this->isLoggedIn()) {
@ -626,7 +634,7 @@ class Session implements IUserSession, Emitter {
// Check whether login credentials are still valid and the user was not disabled // Check whether login credentials are still valid and the user was not disabled
// This check is performed each 5 minutes // This check is performed each 5 minutes
$lastCheck = $dbToken->getLastCheck() ? : 0; $lastCheck = $dbToken->getLastCheck() ? : 0;
$now = $this->timeFacory->getTime(); $now = $this->timeFactory->getTime();
if ($lastCheck > ($now - 60 * 5)) { if ($lastCheck > ($now - 60 * 5)) {
// Checked performed recently, nothing to do now // Checked performed recently, nothing to do now
return true; return true;
@ -747,7 +755,7 @@ class Session implements IUserSession, Emitter {
// replace successfully used token with a new one // replace successfully used token with a new one
$this->config->deleteUserValue($uid, 'login_token', $currentToken); $this->config->deleteUserValue($uid, 'login_token', $currentToken);
$newToken = $this->random->generate(32); $newToken = $this->random->generate(32);
$this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFacory->getTime()); $this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFactory->getTime());
try { try {
$sessionId = $this->session->getId(); $sessionId = $this->session->getId();
@ -766,6 +774,7 @@ class Session implements IUserSession, Emitter {
$this->setUser($user); $this->setUser($user);
$this->setLoginName($token->getLoginName()); $this->setLoginName($token->getLoginName());
$this->setToken($token->getId()); $this->setToken($token->getId());
$this->lockdownManager->setToken($token);
$user->updateLastLoginTimestamp(); $user->updateLastLoginTimestamp();
$this->manager->emit('\OC\User', 'postRememberedLogin', [$user]); $this->manager->emit('\OC\User', 'postRememberedLogin', [$user]);
return true; return true;
@ -776,7 +785,7 @@ class Session implements IUserSession, Emitter {
*/ */
public function createRememberMeToken(IUser $user) { public function createRememberMeToken(IUser $user) {
$token = $this->random->generate(32); $token = $this->random->generate(32);
$this->config->setUserValue($user->getUID(), 'login_token', $token, $this->timeFacory->getTime()); $this->config->setUserValue($user->getUID(), 'login_token', $token, $this->timeFactory->getTime());
$this->setMagicInCookie($user->getUID(), $token); $this->setMagicInCookie($user->getUID(), $token);
} }
@ -814,7 +823,7 @@ class Session implements IUserSession, Emitter {
$webRoot = '/'; $webRoot = '/';
} }
$expires = $this->timeFacory->getTime() + $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); $expires = $this->timeFactory->getTime() + $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true); setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true);
setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true); setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true);
try { try {
@ -834,14 +843,14 @@ class Session implements IUserSession, Emitter {
unset($_COOKIE['nc_username']); //TODO: DI unset($_COOKIE['nc_username']); //TODO: DI
unset($_COOKIE['nc_token']); unset($_COOKIE['nc_token']);
unset($_COOKIE['nc_session_id']); unset($_COOKIE['nc_session_id']);
setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
// old cookies might be stored under /webroot/ instead of /webroot // old cookies might be stored under /webroot/ instead of /webroot
// and Firefox doesn't like it! // and Firefox doesn't like it!
setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
} }
/** /**

17
tests/lib/Lockdown/LockdownManagerTest.php
View File

@ -23,18 +23,29 @@ namespace Test\Lockdown;
use OC\Authentication\Token\DefaultToken; use OC\Authentication\Token\DefaultToken;
use OC\Lockdown\LockdownManager; use OC\Lockdown\LockdownManager;
use OCP\ISession;
use Test\TestCase; use Test\TestCase;
class LockdownManagerTest extends TestCase { class LockdownManagerTest extends TestCase {
private $sessionCallback;
public function setUp() {
parent::setUp();
$this->sessionCallback = function() {
return $this->createMock(ISession::class);
};
}
public function testCanAccessFilesystemDisabled() { public function testCanAccessFilesystemDisabled() {
$manager = new LockdownManager(); $manager = new LockdownManager($this->sessionCallback);
$this->assertTrue($manager->canAccessFilesystem()); $this->assertTrue($manager->canAccessFilesystem());
} }
public function testCanAccessFilesystemAllowed() { public function testCanAccessFilesystemAllowed() {
$token = new DefaultToken(); $token = new DefaultToken();
$token->setScope(['filesystem' => true]); $token->setScope(['filesystem' => true]);
$manager = new LockdownManager(); $manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token); $manager->setToken($token);
$this->assertTrue($manager->canAccessFilesystem()); $this->assertTrue($manager->canAccessFilesystem());
} }
@ -42,7 +53,7 @@ class LockdownManagerTest extends TestCase {
public function testCanAccessFilesystemNotAllowed() { public function testCanAccessFilesystemNotAllowed() {
$token = new DefaultToken(); $token = new DefaultToken();
$token->setScope(['filesystem' => false]); $token->setScope(['filesystem' => false]);
$manager = new LockdownManager(); $manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token); $manager->setToken($token);
$this->assertFalse($manager->canAccessFilesystem()); $this->assertFalse($manager->canAccessFilesystem());
} }

65
tests/lib/User/SessionTest.php
View File

@ -26,6 +26,7 @@ use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IUser; use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\Lockdown\ILockdownManager;
use OCP\Security\ICrypto; use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
@ -50,6 +51,8 @@ class SessionTest extends \Test\TestCase {
private $session; private $session;
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
private $userSession; private $userSession;
/** @var ILockdownManager|\PHPUnit_Framework_MockObject_MockObject */
private $lockdownManager;
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
@ -64,6 +67,7 @@ class SessionTest extends \Test\TestCase {
$this->random = $this->createMock(ISecureRandom::class); $this->random = $this->createMock(ISecureRandom::class);
$this->manager = $this->createMock(IUserManager::class); $this->manager = $this->createMock(IUserManager::class);
$this->session = $this->createMock(ISession::class); $this->session = $this->createMock(ISession::class);
$this->lockdownManager = $this->createMock(ILockdownManager::class);
$this->userSession = $this->getMockBuilder(Session::class) $this->userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([ ->setConstructorArgs([
$this->manager, $this->manager,
@ -72,6 +76,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider, $this->tokenProvider,
$this->config, $this->config,
$this->random, $this->random,
$this->lockdownManager
]) ])
->setMethods([ ->setMethods([
'setMagicInCookie', 'setMagicInCookie',
@ -132,7 +137,7 @@ class SessionTest extends \Test\TestCase {
->with($expectedUser->getUID()) ->with($expectedUser->getUID())
->will($this->returnValue($expectedUser)); ->will($this->returnValue($expectedUser));
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$user = $userSession->getUser(); $user = $userSession->getUser();
$this->assertSame($expectedUser, $user); $this->assertSame($expectedUser, $user);
$this->assertSame(10000, $token->getLastCheck()); $this->assertSame(10000, $token->getLastCheck());
@ -154,7 +159,7 @@ class SessionTest extends \Test\TestCase {
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods([ ->setMethods([
'getUser' 'getUser'
]) ])
@ -181,7 +186,7 @@ class SessionTest extends \Test\TestCase {
->method('getUID') ->method('getUID')
->will($this->returnValue('foo')); ->will($this->returnValue('foo'));
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$userSession->setUser($user); $userSession->setUser($user);
} }
@ -233,7 +238,7 @@ class SessionTest extends \Test\TestCase {
->will($this->returnValue($user)); ->will($this->returnValue($user));
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods([ ->setMethods([
'prepareUserLogin' 'prepareUserLogin'
]) ])
@ -280,7 +285,7 @@ class SessionTest extends \Test\TestCase {
->with('foo', 'bar') ->with('foo', 'bar')
->will($this->returnValue($user)); ->will($this->returnValue($user));
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$userSession->login('foo', 'bar'); $userSession->login('foo', 'bar');
} }
@ -294,7 +299,7 @@ class SessionTest extends \Test\TestCase {
->setConstructorArgs([$this->config]) ->setConstructorArgs([$this->config])
->getMock(); ->getMock();
$backend = $this->createMock(\Test\Util\User\Dummy::class); $backend = $this->createMock(\Test\Util\User\Dummy::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$user = $this->getMockBuilder(User::class)->setConstructorArgs(['foo', $backend])->getMock(); $user = $this->getMockBuilder(User::class)->setConstructorArgs(['foo', $backend])->getMock();
@ -323,7 +328,7 @@ class SessionTest extends \Test\TestCase {
public function testLoginNonExisting() { public function testLoginNonExisting() {
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$session->expects($this->never()) $session->expects($this->never())
->method('set'); ->method('set');
@ -349,7 +354,7 @@ class SessionTest extends \Test\TestCase {
public function testLoginWithDifferentTokenLoginName() { public function testLoginWithDifferentTokenLoginName() {
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$username = 'user123'; $username = 'user123';
$token = new \OC\Authentication\Token\DefaultToken(); $token = new \OC\Authentication\Token\DefaultToken();
$token->setLoginName($username); $token->setLoginName($username);
@ -381,7 +386,7 @@ class SessionTest extends \Test\TestCase {
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser']) ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock(); ->getMock();
@ -417,7 +422,7 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */ /** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser']) ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock(); ->getMock();
@ -440,7 +445,7 @@ class SessionTest extends \Test\TestCase {
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser']) ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock(); ->getMock();
@ -482,7 +487,7 @@ class SessionTest extends \Test\TestCase {
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['login', 'isTwoFactorEnforced']) ->setMethods(['login', 'isTwoFactorEnforced'])
->getMock(); ->getMock();
@ -529,7 +534,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie', 'setLoginName']) ->setMethods(['setMagicInCookie', 'setLoginName'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
@ -606,7 +611,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie']) ->setMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
@ -666,7 +671,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie']) ->setMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
@ -714,7 +719,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie']) ->setMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$token = 'goodToken'; $token = 'goodToken';
$oldSessionId = 'sess321'; $oldSessionId = 'sess321';
@ -762,7 +767,7 @@ class SessionTest extends \Test\TestCase {
$session = new Memory(''); $session = new Memory('');
$session->set('user_id', 'foo'); $session->set('user_id', 'foo');
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods([ ->setMethods([
'validateSession' 'validateSession'
]) ])
@ -782,7 +787,7 @@ class SessionTest extends \Test\TestCase {
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$random = $this->createMock(ISecureRandom::class); $random = $this->createMock(ISecureRandom::class);
$config = $this->createMock(IConfig::class); $config = $this->createMock(IConfig::class);
@ -823,7 +828,7 @@ class SessionTest extends \Test\TestCase {
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$random = $this->createMock(ISecureRandom::class); $random = $this->createMock(ISecureRandom::class);
$config = $this->createMock(IConfig::class); $config = $this->createMock(IConfig::class);
@ -867,7 +872,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$token = $this->createMock(IToken::class); $token = $this->createMock(IToken::class);
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$random = $this->createMock(ISecureRandom::class); $random = $this->createMock(ISecureRandom::class);
$config = $this->createMock(IConfig::class); $config = $this->createMock(IConfig::class);
@ -914,7 +919,7 @@ class SessionTest extends \Test\TestCase {
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$request = $this->createMock(IRequest::class); $request = $this->createMock(IRequest::class);
$uid = 'user123'; $uid = 'user123';
@ -944,7 +949,7 @@ class SessionTest extends \Test\TestCase {
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setMethods(['logout']) ->setMethods(['logout'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$request = $this->createMock(IRequest::class); $request = $this->createMock(IRequest::class);
@ -973,7 +978,7 @@ class SessionTest extends \Test\TestCase {
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['logout']) ->setMethods(['logout'])
->getMock(); ->getMock();
@ -1020,7 +1025,7 @@ class SessionTest extends \Test\TestCase {
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['logout']) ->setMethods(['logout'])
->getMock(); ->getMock();
@ -1054,7 +1059,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$password = '123456'; $password = '123456';
$sessionId = 'session1234'; $sessionId = 'session1234';
@ -1079,7 +1084,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$session->expects($this->once()) $session->expects($this->once())
->method('getId') ->method('getId')
@ -1093,7 +1098,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$password = '123456'; $password = '123456';
$sessionId = 'session1234'; $sessionId = 'session1234';
@ -1133,7 +1138,7 @@ class SessionTest extends \Test\TestCase {
$tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory);
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$mapper->expects($this->any()) $mapper->expects($this->any())
->method('getToken') ->method('getToken')
@ -1183,7 +1188,7 @@ class SessionTest extends \Test\TestCase {
$tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory);
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$mapper->expects($this->any()) $mapper->expects($this->any())
->method('getToken') ->method('getToken')
@ -1271,6 +1276,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider, $this->tokenProvider,
$this->config, $this->config,
$this->random, $this->random,
$this->lockdownManager
]) ])
->setMethods([ ->setMethods([
'logClientIn', 'logClientIn',
@ -1320,6 +1326,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider, $this->tokenProvider,
$this->config, $this->config,
$this->random, $this->random,
$this->lockdownManager
]) ])
->setMethods([ ->setMethods([
'logClientIn', 'logClientIn',