diff options
-rw-r--r-- | application/security/LoginManager.php | 2 | ||||
-rw-r--r-- | application/security/SessionManager.php | 5 | ||||
-rw-r--r-- | tests/security/LoginManagerTest.php | 15 |
3 files changed, 15 insertions, 7 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 4946850b..d6784d6d 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
@@ -95,7 +95,6 @@ class LoginManager | |||
95 | // The user client has a valid stay-signed-in cookie | 95 | // The user client has a valid stay-signed-in cookie |
96 | // Session information is updated with the current client information | 96 | // Session information is updated with the current client information |
97 | $this->sessionManager->storeLoginInfo($clientIpId); | 97 | $this->sessionManager->storeLoginInfo($clientIpId); |
98 | $this->isLoggedIn = true; | ||
99 | 98 | ||
100 | } elseif ($this->sessionManager->hasSessionExpired() | 99 | } elseif ($this->sessionManager->hasSessionExpired() |
101 | || $this->sessionManager->hasClientIpChanged($clientIpId) | 100 | || $this->sessionManager->hasClientIpChanged($clientIpId) |
@@ -105,6 +104,7 @@ class LoginManager | |||
105 | return; | 104 | return; |
106 | } | 105 | } |
107 | 106 | ||
107 | $this->isLoggedIn = true; | ||
108 | $this->sessionManager->extendSession(); | 108 | $this->sessionManager->extendSession(); |
109 | } | 109 | } |
110 | 110 | ||
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 24e25528..b8b8ab8d 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php | |||
@@ -169,6 +169,9 @@ class SessionManager | |||
169 | */ | 169 | */ |
170 | public function hasSessionExpired() | 170 | public function hasSessionExpired() |
171 | { | 171 | { |
172 | if (empty($this->session['expires_on'])) { | ||
173 | return true; | ||
174 | } | ||
172 | if (time() >= $this->session['expires_on']) { | 175 | if (time() >= $this->session['expires_on']) { |
173 | return true; | 176 | return true; |
174 | } | 177 | } |
@@ -188,7 +191,7 @@ class SessionManager | |||
188 | if ($this->conf->get('security.session_protection_disabled') === true) { | 191 | if ($this->conf->get('security.session_protection_disabled') === true) { |
189 | return false; | 192 | return false; |
190 | } | 193 | } |
191 | if ($this->session['ip'] == $clientIpId) { | 194 | if (isset($this->session['ip']) && $this->session['ip'] === $clientIpId) { |
192 | return false; | 195 | return false; |
193 | } | 196 | } |
194 | return true; | 197 | return true; |
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index fad09992..f26cd1eb 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php | |||
@@ -84,10 +84,7 @@ class LoginManagerTest extends TestCase | |||
84 | $this->globals = &$GLOBALS; | 84 | $this->globals = &$GLOBALS; |
85 | unset($this->globals['IPBANS']); | 85 | unset($this->globals['IPBANS']); |
86 | 86 | ||
87 | $this->session = [ | 87 | $this->session = []; |
88 | 'expires_on' => time() + 100, | ||
89 | 'ip' => $this->clientIpAddress, | ||
90 | ]; | ||
91 | 88 | ||
92 | $this->sessionManager = new SessionManager($this->session, $this->configManager); | 89 | $this->sessionManager = new SessionManager($this->session, $this->configManager); |
93 | $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager); | 90 | $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager); |
@@ -281,12 +278,18 @@ class LoginManagerTest extends TestCase | |||
281 | */ | 278 | */ |
282 | public function testCheckLoginStateStaySignedInWithInvalidToken() | 279 | public function testCheckLoginStateStaySignedInWithInvalidToken() |
283 | { | 280 | { |
281 | // simulate a previous login | ||
282 | $this->session = [ | ||
283 | 'ip' => $this->clientIpAddress, | ||
284 | 'expires_on' => time() + 100, | ||
285 | ]; | ||
284 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | 286 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); |
285 | $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope'; | 287 | $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope'; |
286 | 288 | ||
287 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | 289 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); |
288 | 290 | ||
289 | $this->assertFalse($this->loginManager->isLoggedIn()); | 291 | $this->assertTrue($this->loginManager->isLoggedIn()); |
292 | $this->assertTrue(empty($this->session['username'])); | ||
290 | } | 293 | } |
291 | 294 | ||
292 | /** | 295 | /** |
@@ -300,6 +303,8 @@ class LoginManagerTest extends TestCase | |||
300 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | 303 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); |
301 | 304 | ||
302 | $this->assertTrue($this->loginManager->isLoggedIn()); | 305 | $this->assertTrue($this->loginManager->isLoggedIn()); |
306 | $this->assertEquals($this->login, $this->session['username']); | ||
307 | $this->assertEquals($this->clientIpAddress, $this->session['ip']); | ||
303 | } | 308 | } |
304 | 309 | ||
305 | /** | 310 | /** |