/**
 * Attempt a "remember me" login from the oc_* cookies.
 *
 * Bails out unless all three cookies (oc_remember_login, oc_token, oc_username)
 * are present, oc_remember_login is truthy and the instance permits remember-me
 * logins. When OC_User::loginWithCookie() accepts the token the user is sent to
 * the default page and this method never returns. Otherwise the remember-me
 * cookie is cleared; stored tokens are intentionally left untouched because a
 * user may hit this path several times after a password change.
 *
 * @return bool false when no usable remember-me cookie set was supplied;
 *              true once a cookie set was present and consumed. Note that true
 *              is also returned when the token was rejected, so it does not
 *              mean "the cookie was valid".
 */
protected static function tryRememberLogin() {
    if (!isset($_COOKIE["oc_remember_login"], $_COOKIE["oc_token"], $_COOKIE["oc_username"])
        || !$_COOKIE["oc_remember_login"]
        || !OC_Util::rememberLoginAllowed()) {
        return false;
    }

    $config = \OC::$server->getConfig();
    if ($config->getSystemValue('debug', false)) {
        \OCP\Util::writeLog('core', 'Trying to login from cookie', \OCP\Util::DEBUG);
    }

    $username = $_COOKIE['oc_username'];
    $presentedToken = $_COOKIE['oc_token'];

    if (OC_User::userExists($username)) {
        self::cleanupLoginTokens($username);

        // Delegate the token check; a successful login ends in a redirect.
        $granted = OC_User::loginWithCookie($username, $presentedToken);
        if ($granted === true) {
            OC_Util::redirectToDefaultPage(); // doesn't return
        }

        // NOTE(review): $username comes straight from the client cookie; confirm
        // writeLog neutralises control characters before it reaches the log.
        \OCP\Util::writeLog(
            'core',
            'Authentication cookie rejected for user ' . $username,
            \OCP\Util::WARN
        );
        // Reaching this point means the password was changed or the token is
        // bogus. Tokens are not deleted here on purpose (see docblock).
    }

    OC_User::unsetMagicInCookie();
    return true;
}
/**
 * Attempt a "remember me" login from the oc_* cookies (stored-token variant).
 *
 * Requires oc_remember_login, oc_token and oc_username to be set, a truthy
 * oc_remember_login and remember-me logins to be allowed. The presented token
 * is compared (strictly) against the user's stored 'login_token' preference
 * keys; on a match it is retired, a fresh 32-byte token is stored and sent back
 * as the new cookie, the session user is set and the request ends in a
 * redirect that does not return. On a mismatch the remember-me cookie is
 * cleared but stored tokens are kept, since a user may reach this path
 * repeatedly after changing their password.
 *
 * @return bool false when no usable cookie set was supplied; true once a
 *              cookie set was present and consumed (also when it was rejected)
 */
protected static function tryRememberLogin() {
    if (!isset($_COOKIE["oc_remember_login"], $_COOKIE["oc_token"], $_COOKIE["oc_username"])
        || !$_COOKIE["oc_remember_login"]
        || !OC_Util::rememberLoginAllowed()) {
        return false;
    }

    OC_App::loadApps(['authentication']);

    if (defined("DEBUG") && DEBUG) {
        OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
    }

    $username = $_COOKIE['oc_username'];
    $presentedToken = $_COOKIE['oc_token'];

    // Presence of oc_token was already established by the guard above.
    if (OC_User::userExists($username)) {
        // drop expired tokens before comparing
        self::cleanupLoginTokens($username);

        $storedTokens = OC_Preferences::getKeys($username, 'login_token');

        if (in_array($presentedToken, $storedTokens, true)) {
            // one-time use: retire the presented token and hand out a fresh one
            OC_Preferences::deleteKey($username, 'login_token', $presentedToken);
            $freshToken = OC_Util::generateRandomBytes(32);
            OC_Preferences::setValue($username, 'login_token', $freshToken, time());
            OC_User::setMagicInCookie($username, $freshToken);

            OC_User::setUserId($username);
            OC_Util::redirectToDefaultPage(); // doesn't return
        }

        // Token unknown: password changed since it was issued, or the cookie is
        // bogus. Tokens are deliberately not deleted here (see docblock).
        OC_Log::write(
            'core',
            'Authentication cookie rejected for user ' . $username,
            OC_Log::WARN
        );
    }

    OC_User::unsetMagicInCookie();
    return true;
}
/**
 * A login name of "0" must be treated as a real user name rather than as an
 * empty/falsy value: it has to be echoed back as loginName, autofocus must stay
 * off, and canResetPassword has to come from that user's canChangePassword().
 */
public function testShowLoginFormForUserNamedNull() {
    $userNamedZero = $this->getMock('\\OCP\\IUser');
    $userNamedZero->expects($this->once())
        ->method('canChangePassword')
        ->willReturn(false);

    $this->userSession->expects($this->once())
        ->method('isLoggedIn')
        ->willReturn(false);
    $this->config->expects($this->once())
        ->method('getSystemValue')
        ->with('lost_password_link')
        ->willReturn(false);
    $this->userManager->expects($this->once())
        ->method('get')
        ->with('0')
        ->willReturn($userNamedZero);

    $expectedParameters = [
        'messages' => [],
        'loginName' => '0',
        'user_autofocus' => false,
        'canResetPassword' => false,
        'alt_login' => [],
        'rememberLoginAllowed' => \OC_Util::rememberLoginAllowed(),
        'rememberLoginState' => 0,
    ];
    $expectedResponse = new TemplateResponse('core', 'login', $expectedParameters, 'guest');

    $actualResponse = $this->loginController->showLoginForm('0', '', '');
    $this->assertEquals($expectedResponse, $actualResponse);
}
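/**
 * @PublicPage
 * @NoCSRFRequired
 * @UseSession
 *
 * Render the guest login form, or redirect to the default page when a session
 * already exists.
 *
 * Errors and messages stashed in the session under 'loginMessages' by a
 * previous login attempt are consumed and removed here: every error string
 * becomes a boolean template parameter, the messages are passed through as-is.
 *
 * @param string $user           login name to prefill; '' or null leaves the field empty and focused
 * @param string $redirect_url   URL to return to after login; forwarded to the template when non-empty
 * @param string $remember_login state of the "remember me" checkbox; an empty value maps to 0
 *
 * @return TemplateResponse|RedirectResponse the login page, or a redirect when already logged in
 */
public function showLoginForm($user, $redirect_url, $remember_login) {
    if ($this->userSession->isLoggedIn()) {
        return new RedirectResponse(\OC_Util::getDefaultPageUrl());
    }

    $parameters = [];

    // Consume (and clear) what the previous login attempt left in the session.
    $loginMessages = $this->session->get('loginMessages');
    $errors = [];
    $messages = [];
    if (is_array($loginMessages)) {
        list($errors, $messages) = $loginMessages;
    }
    $this->session->remove('loginMessages');
    foreach ($errors as $value) {
        $parameters[$value] = true;
    }
    $parameters['messages'] = $messages;

    // Deliberately not empty(): the login name '0' is a valid user name.
    // Computed once; the original assigned loginName/user_autofocus twice.
    $hasLoginName = !is_null($user) && $user !== '';
    if ($hasLoginName) {
        $parameters['loginName'] = $user;
        $parameters['user_autofocus'] = false;
    } else {
        $parameters['loginName'] = '';
        $parameters['user_autofocus'] = true;
    }

    if (!empty($redirect_url)) {
        // Forwarded verbatim. NOTE(review): confirm the post-login handler
        // restricts this to a local URL before redirecting to it.
        $parameters['redirect_url'] = $redirect_url;
    }

    // With a custom lost_password_link configured the reset link is always
    // shown; otherwise, for a known login name, it depends on whether that
    // user is allowed to change their password.
    $parameters['canResetPassword'] = true;
    if (!$this->config->getSystemValue('lost_password_link') && $hasLoginName) {
        $userObj = $this->userManager->get($user);
        if ($userObj instanceof IUser) {
            $parameters['canResetPassword'] = $userObj->canChangePassword();
        }
    }

    $parameters['alt_login'] = \OC_App::getAlternativeLogIns();
    $parameters['rememberLoginAllowed'] = \OC_Util::rememberLoginAllowed();
    $parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;

    return new TemplateResponse($this->appName, 'login', $parameters, 'guest');
}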