From 139fb8de9471e83155c141640ce91c66d42d7b28 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 23 Aug 2016 12:54:45 +0200
Subject: [PATCH] Remove "password reset token" after successful login
---
 core/Controller/LoginController.php | 3 +++
 tests/Core/Controller/LoginControllerTest.php | 20 +++++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index dbc1f3157fd..56b63155939 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -237,6 +237,9 @@ class LoginController extends Controller {
 $this->userSession->login($user, $password);
 $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
+ // User has successfully logged in, now remove the password reset link, when it is available
+ $this->config->deleteUserValue($loginResult->getUID(), 'owncloud', 'lostpassword');
+
 if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
 $this->twoFactorManager->prepareTwoFactorLogin($loginResult);
 if (!is_null($redirect_url)) {
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index 8eaa7c9843b..7fcc8222bc3 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -322,6 +322,8 @@ class LoginControllerTest extends TestCase {
 $this->userSession->expects($this->never())
 ->method('createSessionToken');
+ $this->config->expects($this->never())
+ ->method('deleteUserValue');
 $expected = new \OCP\AppFramework\Http\RedirectResponse($loginPageUrl);
 $this->assertEquals($expected, $this->loginController->tryLogin($user, $password, ''));
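Review bot: The new `deleteUserValue(..., 'owncloud', 'lostpassword')` call in `tryLogin` sits directly after `createSessionToken` and before the `isTwoFactorAuthenticated` branch, so a login that has passed only the password step already retires a pending reset token. The test hunk at `-536,6 +551,9` pins exactly that behaviour. If it is intended, say so at the call site, e.g. `// Deliberately before the 2FA check: a correct password alone retires a pending reset token`. Because the cleanup lives in this controller, logins that reach the user session by another route (presumably API or client authentication, not visible here) would leave the token in place; consider moving the call into the session's login path so every successful login clears it. The enclosing method starts and ends outside the hunk.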
@@ -330,6 +332,9 @@ class LoginControllerTest extends TestCase {
 public function testLoginWithValidCredentials() {
 /** @var IUser | \PHPUnit_Framework_MockObject_MockObject $user */
 $user = $this->getMockBuilder('\OCP\IUser')->getMock();
+ $user->expects($this->any())
+ ->method('getUID')
+ ->will($this->returnValue('uid'));
 $password = 'secret';
 $indexPageUrl = \OC_Util::getDefaultPageUrl();
@@ -363,6 +368,9 @@ class LoginControllerTest extends TestCase {
 ->method('isTwoFactorAuthenticated')
 ->with($user)
 ->will($this->returnValue(false));
+ $this->config->expects($this->once())
+ ->method('deleteUserValue')
+ ->with('uid', 'owncloud', 'lostpassword');
 $expected = new \OCP\AppFramework\Http\RedirectResponse($indexPageUrl);
 $this->assertEquals($expected, $this->loginController->tryLogin($user, $password, null));
@@ -398,6 +406,8 @@ class LoginControllerTest extends TestCase {
 ->method('isLoggedIn')
 ->with()
 ->will($this->returnValue(false));
+ $this->config->expects($this->never())
+ ->method('deleteUserValue');
 $expected = new \OCP\AppFramework\Http\RedirectResponse(\OC_Util::getDefaultPageUrl());
 $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -438,6 +448,8 @@ class LoginControllerTest extends TestCase {
 ->method('getAbsoluteURL')
 ->with(urldecode($originalUrl))
 ->will($this->returnValue($redirectUrl));
+ $this->config->expects($this->never())
+ ->method('deleteUserValue');
 $expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
 $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -485,6 +497,9 @@ class LoginControllerTest extends TestCase {
 ->method('getAbsoluteURL')
 ->with(urldecode($originalUrl))
 ->will($this->returnValue($redirectUrl));
+ $this->config->expects($this->once())
+ ->method('deleteUserValue')
+ ->with('jane', 'owncloud', 'lostpassword');
 $expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));
 $this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
@@ -536,6 +551,9 @@ class LoginControllerTest extends TestCase {
 ->method('linkToRoute')
 ->with('core.TwoFactorChallenge.selectChallenge')
 ->will($this->returnValue($challengeUrl));
+ $this->config->expects($this->once())
+ ->method('deleteUserValue')
+ ->with('john', 'owncloud', 'lostpassword');
 $expected = new RedirectResponse($challengeUrl);
 $this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', $password, null));
@@ -586,6 +604,8 @@ class LoginControllerTest extends TestCase {
 ->expects($this->once())
 ->method('registerAttempt')
 ->with('login', '192.168.0.1', ['user' => 'john@doe.com']);
+ $this->config->expects($this->never())
+ ->method('deleteUserValue');
 $expected = new RedirectResponse('');
 $this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', 'just wrong', null));