Do not check the IP address with session protection disabled

This allows the user to stay logged in if his IP changes. Fixes #1106
author: ArthurHoaro <arthur@hoa.ro> 2018-07-17 14:13:37 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2018-07-17 14:13:37 +0200
commit: d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e (patch)
tree: 5be107b1b06cc9fbaeec32679474816d6469748e /tests/security
parent: 5d32c50ad70a659a6c86b80fa65d7ec41e045b1e (diff)
download: Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.gz
Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.zst
Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index f26cd1eb..b9ab5ec4 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -260,6 +260,20 @@ class LoginManagerTest extends TestCase
    }
    /**
+     * Generate a token depending on the user credentials with session protected disabled
+     */
+    public function testGenerateStaySignedInTokenSessionProtectionDisabled()
+    {
+        $this->configManager->set('security.session_protection_disabled', true);
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->assertEquals(
+            sha1($this->passwordHash . $this->salt),
+            $this->loginManager->getStaySignedInToken()
+        );
+    }
+    /**
     * Check user login - Shaarli has not yet been configured
     */
    public function testCheckLoginStateNotConfigured()
author	ArthurHoaro <arthur@hoa.ro>	2018-07-17 14:13:37 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2018-07-17 14:13:37 +0200
commit	d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e (patch)
tree	5be107b1b06cc9fbaeec32679474816d6469748e /tests/security
parent	5d32c50ad70a659a6c86b80fa65d7ec41e045b1e (diff)
download	Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.gz Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.tar.zst Shaarli-d9ba1cdd44a7eec9e7f4d429087c6ba838ad473e.zip

diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index f26cd1eb..b9ab5ec4 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php
@@ -260,6 +260,20 @@ class LoginManagerTest extends TestCase
260	}	260	}
261		261
262	/**	262	/**
		263	* Generate a token depending on the user credentials with session protected disabled
		264	*/
		265	public function testGenerateStaySignedInTokenSessionProtectionDisabled()
		266	{
		267	$this->configManager->set('security.session_protection_disabled', true);
		268	$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
		269
		270	$this->assertEquals(
		271	sha1($this->passwordHash . $this->salt),
		272	$this->loginManager->getStaySignedInToken()
		273	);
		274	}
		275
		276	/**
263	* Check user login - Shaarli has not yet been configured	277	* Check user login - Shaarli has not yet been configured
264	*/	278	*/
265	public function testCheckLoginStateNotConfigured()	279	public function testCheckLoginStateNotConfigured()