This allows the user to stay logged in if his IP changes.
Fixes #1106
*/
public function generateStaySignedInToken($clientIpAddress)
{
+ if ($this->configManager->get('security.session_protection_disabled') === true) {
+ $clientIpAddress = '';
+ }
$this->staySignedInToken = sha1(
$this->configManager->get('credentials.hash')
. $clientIpAddress
);
}
+ /**
+ * Generate a token depending on the user credentials with session protected disabled
+ */
+ public function testGenerateStaySignedInTokenSessionProtectionDisabled()
+ {
+ $this->configManager->set('security.session_protection_disabled', true);
+ $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+
+ $this->assertEquals(
+ sha1($this->passwordHash . $this->salt),
+ $this->loginManager->getStaySignedInToken()
+ );
+ }
+
/**
* Check user login - Shaarli has not yet been configured
*/