diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index c3561cf64e..dcda825b9d 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -423,6 +423,7 @@ class Session implements IUserSession, Emitter {
 *
 * @todo do not allow basic auth if the user is 2FA enforced
 * @param IRequest $request
+ * @param OC\Security\Bruteforce\Throttler $throttler
 * @return boolean if the login was successful
 */
 public function tryBasicAuthLogin(IRequest $request,
@@ -440,6 +441,10 @@ class Session implements IUserSession, Emitter {
 $this->session->set(
 Auth::DAV_AUTHENTICATED, $this->getUser()->getUID()
 );
+
+ // Set the last-password-confirm session to make the sudo mode work
+ $this->session->set('last-password-confirm', $this->timeFacory->getTime());
+
 return true;
 }
 } catch (PasswordLoginForbiddenException $ex) {
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 78b673d10b..27cb92d673 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -8,6 +8,7 @@ namespace Test\User;
+use OC\AppFramework\Http\Request;
 use OC\Authentication\Token\DefaultTokenMapper;
 use OC\Authentication\Token\DefaultTokenProvider;
 use OC\Authentication\Token\IProvider;
@@ -17,6 +18,7 @@ use OC\Session\Memory;
 use OC\User\Manager;
 use OC\User\Session;
 use OC\User\User;
+use OCA\DAV\Connector\Sabre\Auth;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IConfig;
 use OCP\ILogger;
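Review bot: The added `@param OC\Security\Bruteforce\Throttler $throttler` line is written without a leading backslash, and inside the `OC\User` namespace a PHPDoc resolver reads that name relative to the namespace or to a `use` import rather than as a fully-qualified class. Write `\OC\Security\Bruteforce\Throttler` or, if the class is imported at the top of the file, the short name `Throttler`, so static analysis and IDEs resolve it. The `tryBasicAuthLogin` signature continues past the hunk, so I cannot see how the parameter itself is type-hinted.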
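Review bot: The new `$this->session->set('last-password-confirm', $this->timeFacory->getTime());` runs after any successful `logClientIn` without distinguishing which credential was presented, so if `logClientIn` (its body is outside the hunk) also accepts an app or device token in `PHP_AUTH_PW`, a token-authenticated client would satisfy the password-confirmation check that exists precisely to require the account password. That interacts with the `@todo` a few lines above in the same method, which notes that 2FA-enforced users are not yet blocked from basic auth, so the stronger gate should come before the weaker one is loosened. I would either gate the write on the login having used the real account password, or at minimum replace the added comment with `// Assumes logClientIn() succeeded with the account password; an app token must not count as password confirmation`. The key `'last-password-confirm'` is also spelled out here and in the test; a class constant would keep the two in sync. `tryBasicAuthLogin` starts and ends outside the hunk.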
@@ -1219,4 +1221,103 @@ class SessionTest extends \Test\TestCase {
 $this->userSession->createRememberMeToken($user);
 }
+
+ public function testTryBasicAuthLoginValid() {
+ $request = $this->createMock(Request::class);
+ $request->method('__get')
+ ->willReturn([
+ 'PHP_AUTH_USER' => 'username',
+ 'PHP_AUTH_PW' => 'password',
+ ]);
+ $request->method('__isset')
+ ->with('server')
+ ->willReturn(true);
+
+ $davAuthenticatedSet = false;
+ $lastPasswordConfirmSet = false;
+
+ $this->session
+ ->method('set')
+ ->will($this->returnCallback(function($k, $v) use (&$davAuthenticatedSet, &$lastPasswordConfirmSet) {
+ switch ($k) {
+ case Auth::DAV_AUTHENTICATED:
+ $davAuthenticatedSet = $v;
+ return;
+ case 'last-password-confirm':
+ $lastPasswordConfirmSet = 1000;
+ return;
+ default:
+ throw new \Exception();
+ }
+ }));
+
+ $userSession = $this->getMockBuilder(Session::class)
+ ->setConstructorArgs([
+ $this->manager,
+ $this->session,
+ $this->timeFactory,
+ $this->tokenProvider,
+ $this->config,
+ $this->random,
+ ])
+ ->setMethods([
+ 'logClientIn',
+ 'getUser',
+ ])
+ ->getMock();
+
+ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
+ $userSession->expects($this->once())
+ ->method('logClientIn')
+ ->with(
+ $this->equalTo('username'),
+ $this->equalTo('password'),
+ $this->equalTo($request),
+ $this->equalTo($this->throttler)
+ )->willReturn(true);
+
+ $user = $this->createMock(IUser::class);
+ $user->method('getUID')->willReturn('username');
+
+ $userSession->expects($this->once())
+ ->method('getUser')
+ ->willReturn($user);
+
+ $this->assertTrue($userSession->tryBasicAuthLogin($request, $this->throttler));
+
+ $this->assertSame('username', $davAuthenticatedSet);
+ $this->assertSame(1000, $lastPasswordConfirmSet);
+ }
+
+ public function testTryBasicAuthLoginNoLogin() {
+ $request = $this->createMock(Request::class);
+ $request->method('__get')
+ ->willReturn([]);
+ $request->method('__isset')
+ ->with('server')
+ ->willReturn(true);
+
+ $this->session->expects($this->never())
+ ->method($this->anything());
+
+ $userSession = $this->getMockBuilder(Session::class)
+ ->setConstructorArgs([
+ $this->manager,
+ $this->session,
+ $this->timeFactory,
+ $this->tokenProvider,
+ $this->config,
+ $this->random,
+ ])
+ ->setMethods([
+ 'logClientIn',
+ ])
+ ->getMock();
+
+ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
+ $userSession->expects($this->never())
+ ->method('logClientIn');
+
+ $this->assertFalse($userSession->tryBasicAuthLogin($request, $this->throttler));
+ }
 }
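Review bot: In `testTryBasicAuthLoginValid` the `case 'last-password-confirm':` arm of the `set` callback ignores `$v` and stores the literal `1000`, so the closing `assertSame(1000, $lastPasswordConfirmSet)` passes whatever timestamp the code under test writes — it only proves the key was touched. Record the written value instead, `$lastPasswordConfirmSet = $v;`, and pin the clock the session code reads, e.g. `$this->timeFactory->method('getTime')->willReturn(1000);` (assuming `$this->timeFactory`, passed as the third constructor argument, is a mock created in `setUp`, which is outside the hunk). With that change, starting from `false` and asserting `1000` genuinely checks that the time-factory value reached the session. The `default: throw new \Exception();` arm is a good guard against unexpected session writes; giving it a message that names `$k` would make such a failure easier to read.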