aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--application/security/LoginManager.php3
-rw-r--r--tests/security/LoginManagerTest.php14
2 files changed, 17 insertions, 0 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 0f315483..1ff3d0be 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -58,6 +58,9 @@ class LoginManager
58 */ 58 */
59 public function generateStaySignedInToken($clientIpAddress) 59 public function generateStaySignedInToken($clientIpAddress)
60 { 60 {
61 if ($this->configManager->get('security.session_protection_disabled') === true) {
62 $clientIpAddress = '';
63 }
61 $this->staySignedInToken = sha1( 64 $this->staySignedInToken = sha1(
62 $this->configManager->get('credentials.hash') 65 $this->configManager->get('credentials.hash')
63 . $clientIpAddress 66 . $clientIpAddress
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index de8055ed..7b0262b3 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -261,6 +261,20 @@ class LoginManagerTest extends TestCase
261 } 261 }
262 262
263 /** 263 /**
264 * Generate a token depending on the user credentials with session protected disabled
265 */
266 public function testGenerateStaySignedInTokenSessionProtectionDisabled()
267 {
268 $this->configManager->set('security.session_protection_disabled', true);
269 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
270
271 $this->assertEquals(
272 sha1($this->passwordHash . $this->salt),
273 $this->loginManager->getStaySignedInToken()
274 );
275 }
276
277 /**
264 * Check user login - Shaarli has not yet been configured 278 * Check user login - Shaarli has not yet been configured
265 */ 279 */
266 public function testCheckLoginStateNotConfigured() 280 public function testCheckLoginStateNotConfigured()