diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2019-02-09 12:36:31 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-09 12:36:31 +0100 |
| commit | 905f8675a728841b03b300d2c7dc909a1c4f7f03 (patch) | |
| tree | c587dd4e34acfe784153fb34a3014bb7fb6573d8 | |
| parent | 7417e8ac4a4cf742ace1679c046425bb3f2bac2c (diff) | |
| parent | d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e (diff) | |
| download | Shaarli-905f8675a728841b03b300d2c7dc909a1c4f7f03.tar.gz Shaarli-905f8675a728841b03b300d2c7dc909a1c4f7f03.tar.zst Shaarli-905f8675a728841b03b300d2c7dc909a1c4f7f03.zip | |
Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login
Do not check the IP address with session protection disabled
| -rw-r--r-- | application/security/LoginManager.php | 3 | ||||
| -rw-r--r-- | tests/security/LoginManagerTest.php | 14 |
2 files changed, 17 insertions, 0 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 0f315483..1ff3d0be 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
| @@ -58,6 +58,9 @@ class LoginManager | |||
| 58 | */ | 58 | */ |
| 59 | public function generateStaySignedInToken($clientIpAddress) | 59 | public function generateStaySignedInToken($clientIpAddress) |
| 60 | { | 60 | { |
| 61 | if ($this->configManager->get('security.session_protection_disabled') === true) { | ||
| 62 | $clientIpAddress = ''; | ||
| 63 | } | ||
| 61 | $this->staySignedInToken = sha1( | 64 | $this->staySignedInToken = sha1( |
| 62 | $this->configManager->get('credentials.hash') | 65 | $this->configManager->get('credentials.hash') |
| 63 | . $clientIpAddress | 66 | . $clientIpAddress |
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index de8055ed..7b0262b3 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php | |||
| @@ -261,6 +261,20 @@ class LoginManagerTest extends TestCase | |||
| 261 | } | 261 | } |
| 262 | 262 | ||
| 263 | /** | 263 | /** |
| 264 | * Generate a token depending on the user credentials with session protected disabled | ||
| 265 | */ | ||
| 266 | public function testGenerateStaySignedInTokenSessionProtectionDisabled() | ||
| 267 | { | ||
| 268 | $this->configManager->set('security.session_protection_disabled', true); | ||
| 269 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | ||
| 270 | |||
| 271 | $this->assertEquals( | ||
| 272 | sha1($this->passwordHash . $this->salt), | ||
| 273 | $this->loginManager->getStaySignedInToken() | ||
| 274 | ); | ||
| 275 | } | ||
| 276 | |||
| 277 | /** | ||
| 264 | * Check user login - Shaarli has not yet been configured | 278 | * Check user login - Shaarli has not yet been configured |
| 265 | */ | 279 | */ |
| 266 | public function testCheckLoginStateNotConfigured() | 280 | public function testCheckLoginStateNotConfigured() |