Set last-login-check on basic auth

Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.

* Started with tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2016-12-05 20:57:15 +01:00
parent bea85adc08
commit e368a745aa
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 106 additions and 0 deletions

View File

@ -423,6 +423,7 @@ class Session implements IUserSession, Emitter {
*
* @todo do not allow basic auth if the user is 2FA enforced
* @param IRequest $request
* @param OC\Security\Bruteforce\Throttler $throttler
* @return boolean if the login was successful
*/
public function tryBasicAuthLogin(IRequest $request,
@ -440,6 +441,10 @@ class Session implements IUserSession, Emitter {
$this->session->set(
Auth::DAV_AUTHENTICATED, $this->getUser()->getUID()
);
// Set the last-password-confirm session to make the sudo mode work
$this->session->set('last-password-confirm', $this->timeFacory->getTime());
return true;
}
} catch (PasswordLoginForbiddenException $ex) {

View File

@ -8,6 +8,7 @@
namespace Test\User;
use OC\AppFramework\Http\Request;
use OC\Authentication\Token\DefaultTokenMapper;
use OC\Authentication\Token\DefaultTokenProvider;
use OC\Authentication\Token\IProvider;
@ -17,6 +18,7 @@ use OC\Session\Memory;
use OC\User\Manager;
use OC\User\Session;
use OC\User\User;
use OCA\DAV\Connector\Sabre\Auth;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\IConfig;
use OCP\ILogger;
@ -1219,4 +1221,103 @@ class SessionTest extends \Test\TestCase {
$this->userSession->createRememberMeToken($user);
}
public function testTryBasicAuthLoginValid() {
$request = $this->createMock(Request::class);
$request->method('__get')
->willReturn([
'PHP_AUTH_USER' => 'username',
'PHP_AUTH_PW' => 'password',
]);
$request->method('__isset')
->with('server')
->willReturn(true);
$davAuthenticatedSet = false;
$lastPasswordConfirmSet = false;
$this->session
->method('set')
->will($this->returnCallback(function($k, $v) use (&$davAuthenticatedSet, &$lastPasswordConfirmSet) {
switch ($k) {
case Auth::DAV_AUTHENTICATED:
$davAuthenticatedSet = $v;
return;
case 'last-password-confirm':
$lastPasswordConfirmSet = 1000;
return;
default:
throw new \Exception();
}
}));
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([
$this->manager,
$this->session,
$this->timeFactory,
$this->tokenProvider,
$this->config,
$this->random,
])
->setMethods([
'logClientIn',
'getUser',
])
->getMock();
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */
$userSession->expects($this->once())
->method('logClientIn')
->with(
$this->equalTo('username'),
$this->equalTo('password'),
$this->equalTo($request),
$this->equalTo($this->throttler)
)->willReturn(true);
$user = $this->createMock(IUser::class);
$user->method('getUID')->willReturn('username');
$userSession->expects($this->once())
->method('getUser')
->willReturn($user);
$this->assertTrue($userSession->tryBasicAuthLogin($request, $this->throttler));
$this->assertSame('username', $davAuthenticatedSet);
$this->assertSame(1000, $lastPasswordConfirmSet);
}
public function testTryBasicAuthLoginNoLogin() {
$request = $this->createMock(Request::class);
$request->method('__get')
->willReturn([]);
$request->method('__isset')
->with('server')
->willReturn(true);
$this->session->expects($this->never())
->method($this->anything());
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([
$this->manager,
$this->session,
$this->timeFactory,
$this->tokenProvider,
$this->config,
$this->random,
])
->setMethods([
'logClientIn',
])
->getMock();
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */
$userSession->expects($this->never())
->method('logClientIn');
$this->assertFalse($userSession->tryBasicAuthLogin($request, $this->throttler));
}
}