Merge pull request #51905 from nextcloud/fix/session/permanent-token-app-password

fix(session): Only mark sessions of permanent tokens as app passwords
Ferdinand Thiessen 2025-04-03 11:31:30 +07:00 committed by GitHub
commit 8f6386d0d9
2 changed files with 42 additions and 3 deletions

@ -834,9 +834,8 @@ class Session implements IUserSession, Emitter {
return true;
}
// Remember me tokens are not app_passwords
if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
// Set the session variable so we know this is an app password
// Set the session variable so we know this is an app password
if ($dbToken instanceof PublicKeyToken && $dbToken->getType() === IToken::PERMANENT_TOKEN) {
$this->session->set('app_password', $token);
}
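Review bot: The new condition ties the `app_password` flag to `$dbToken instanceof PublicKeyToken`, so any other IToken implementation whose type is PERMANENT_TOKEN now silently skips the flag; if the IToken contract already exposes getType(), checking `$dbToken->getType() === IToken::PERMANENT_TOKEN` alone keeps the decision on the token type rather than on one concrete class. The remember-me check was dropped entirely, so a permanent token with REMEMBER set would now be flagged; if that is the intent, the retained comment should say so, e.g. `// Only permanent tokens are app passwords; temporary session tokens must not mark the session, regardless of the remember flag.` The `app_password` session value is presumably read elsewhere to restrict what the session may do, so a sentence on what downstream behaviour the narrowing changes would help reviewers of that code. The enclosing method starts before this hunk.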

@ -34,6 +34,7 @@ use OCP\Lockdown\ILockdownManager;
use OCP\Security\Bruteforce\IThrottler;
use OCP\Security\ISecureRandom;
use OCP\User\Events\PostLoginEvent;
use PHPUnit\Framework\ExpectationFailedException;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\Log\LoggerInterface;
use function array_diff;
@ -611,6 +612,45 @@ class SessionTest extends \Test\TestCase {
self::assertFalse($loginResult);
}
public function testTryTokenLoginNotAnAppPassword(): void {
$request = $this->createMock(IRequest::class);
$this->config->expects(self::once())
->method('getSystemValueString')
->with('instanceid')
->willReturn('abc123');
$request->method('getHeader')->with('Authorization')->willReturn('');
$request->method('getCookie')->with('abc123')->willReturn('abcde12345');
$this->session->expects(self::once())
->method('getId')
->willReturn('abcde12345');
$dbToken = new PublicKeyToken();
$dbToken->setId(42);
$dbToken->setUid('johnny');
$dbToken->setLoginName('johnny');
$dbToken->setLastCheck(0);
$dbToken->setType(IToken::TEMPORARY_TOKEN);
$dbToken->setRemember(IToken::REMEMBER);
$this->tokenProvider->expects(self::any())
->method('getToken')
->with('abcde12345')
->willReturn($dbToken);
$this->session->method('set')
->willReturnCallback(function ($key, $value) {
if ($key === 'app_password') {
throw new ExpectationFailedException('app_password should not be set in session');
}
});
$user = $this->createMock(IUser::class);
$user->method('isEnabled')->willReturn(true);
$this->manager->method('get')
->with('johnny')
->willReturn($user);
$loginResult = $this->userSession->tryTokenLogin($request);
self::assertTrue($loginResult);
}
public function testRememberLoginValidToken(): void {
$session = $this->createMock(Memory::class);
$managerMethods = get_class_methods(Manager::class);
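Review bot: testTryTokenLoginNotAnAppPassword only pins the negative case (TEMPORARY_TOKEN with REMEMBER leaves `app_password` unset), so a regression that never sets `app_password` at all would still pass; a positive counterpart that differs only in `$dbToken->setType(IToken::PERMANENT_TOKEN);` and `$this->session->expects(self::once())->method('set')->with('app_password', 'abcde12345');` would pin the fix from both sides. `$this->tokenProvider->expects(self::any())` adds no constraint and reads as if it did; `$this->tokenProvider->method('getToken')` is the plain form. The `willReturnCallback` closure is untyped and non-static; `static function (string $key, mixed $value): void` states its contract, and a one-line docblock naming which token type and remember flag the test covers would help the next reader.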