aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/security
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2018-07-17 14:13:37 +0200
committerArthurHoaro <arthur@hoa.ro>2018-07-17 14:13:37 +0200
commitd9ba1cdd44a7eec9e7f4d429087c6ba838ad473e (patch)
tree5be107b1b06cc9fbaeec32679474816d6469748e /tests/security
parent5d32c50ad70a659a6c86b80fa65d7ec41e045b1e (diff)
downloadShaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.gz
Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.zst
Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.zip
Do not check the IP address with session protection disabled
This allows the user to stay logged in if his IP changes. Fixes #1106
Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/LoginManagerTest.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index f26cd1eb..b9ab5ec4 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -260,6 +260,20 @@ class LoginManagerTest extends TestCase
260 } 260 }
261 261
262 /** 262 /**
263 * Generate a token depending on the user credentials with session protected disabled
264 */
265 public function testGenerateStaySignedInTokenSessionProtectionDisabled()
266 {
267 $this->configManager->set('security.session_protection_disabled', true);
268 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
269
270 $this->assertEquals(
271 sha1($this->passwordHash . $this->salt),
272 $this->loginManager->getStaySignedInToken()
273 );
274 }
275
276 /**
263 * Check user login - Shaarli has not yet been configured 277 * Check user login - Shaarli has not yet been configured
264 */ 278 */
265 public function testCheckLoginStateNotConfigured() 279 public function testCheckLoginStateNotConfigured()