*/
public function generateStaySignedInToken($clientIpAddress)
{
+ if ($this->configManager->get('security.session_protection_disabled') === true) {
+ $clientIpAddress = '';
+ }
$this->staySignedInToken = sha1(
$this->configManager->get('credentials.hash')
. $clientIpAddress
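Review bot: With `security.session_protection_disabled` set to `true`, the token built in generateStaySignedInToken() no longer contains anything client-specific. Judging from the visible lines and the new test, it reduces to a SHA-1 over the stored credential hash and salt, a value that stays fixed until the credentials change. A copied stay-signed-in cookie would then be accepted from any address and, as far as this hunk shows, cannot be revoked without changing the password. The method docblock should say so, for example `Protection disabled: the token is not bound to the client IP, so the cookie is a long-lived bearer secret`, and a per-login `random_bytes()` value kept server-side would be worth considering as a follow-up. The function body continues past the end of the hunk, so the rest of the hash input is not visible here.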
// The user client has a valid stay-signed-in cookie
// Session information is updated with the current client information
$this->sessionManager->storeLoginInfo($clientIpId);
-
} elseif ($this->sessionManager->hasSessionExpired()
|| $this->sessionManager->hasClientIpChanged($clientIpId)
) {
namespace Shaarli\Security;
require_once 'tests/utils/FakeConfigManager.php';
-use \PHPUnit\Framework\TestCase;
+
+use PHPUnit\Framework\TestCase;
/**
* Test coverage for LoginManager
);
}
+ /**
+ * Generate a token depending on the user credentials with session protected disabled
+ */
+ public function testGenerateStaySignedInTokenSessionProtectionDisabled()
+ {
+ $this->configManager->set('security.session_protection_disabled', true);
+ $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+
+ $this->assertEquals(
+ sha1($this->passwordHash . $this->salt),
+ $this->loginManager->getStaySignedInToken()
+ );
+ }
+
/**
* Check user login - Shaarli has not yet been configured
*/
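Review bot: The new test testGenerateStaySignedInTokenSessionProtectionDisabled() exercises only the boolean `true` case, so the strict `=== true` check in generateStaySignedInToken() is not pinned. A value such as the string `'true'` or `1` leaves the IP in the token, which fails in the safe direction, but a second case asserting that would catch a later loosening of the comparison. `assertSame` is the stricter choice for comparing two hash strings. The docblock should also read "session protection disabled" rather than "session protected disabled".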