From c20cdc2213f99c6faa500e908b13fed8d0bbe5a1 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@owncloud.com>
Date: Tue, 17 May 2016 10:07:58 +0200
Subject: [PATCH] invalidate user session if the user is disabled

---
 lib/private/User/Session.php   |  7 ++---
 tests/lib/User/SessionTest.php | 47 ++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 7104f46fea2..138e17bba9b 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -206,7 +206,7 @@ class Session implements IUserSession, Emitter {
 			return;
 		}
 
-		// Check whether login credentials are still valid
+		// Check whether login credentials are still valid and the user was not disabled
 		// This check is performed each 5 minutes
 		$lastCheck = $this->session->get('last_login_check') ? : 0;
 		$now = $this->timeFacory->getTime();
@@ -219,8 +219,9 @@ class Session implements IUserSession, Emitter {
 				return;
 			}
 
-			if ($this->manager->checkPassword($user->getUID(), $pwd) === false) {
-				// Password has changed -> log user out
+			if ($this->manager->checkPassword($user->getUID(), $pwd) === false
+				|| !$user->isEnabled()) {
+				// Password has changed or user was disabled -> log user out
 				$this->logout();
 				return;
 			}
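Review bot: The new `!$user->isEnabled()` condition on line 31 sits inside the password-recheck branch, so it inherits that branch's gating: the periodic throttle described by the comment above ("performed each 5 minutes") and the early `return` at the top of the hunk, which appears to be taken when no password can be obtained for the session token (the guard itself is above the hunk, so confirm there). As written, a user who gets disabled stays logged in for up to the full check interval, and for sessions where that early return fires the disabled state looks like it is never checked at all. `isEnabled()` does not need the password, so consider moving it ahead of the throttle, right after the user/token lookup: `if (!$user->isEnabled()) { $this->logout(); return; }`, and leaving the password check where it is. validateSession starts before this hunk and the enclosing branches are cut at line 25.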
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 4438487e2a0..140c4321c51 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -509,4 +509,51 @@ class SessionTest extends \Test\TestCase {
 		$this->assertFalse($userSession->tryTokenLogin($request));
 	}
 
+	public function testValidateSessionDisabledUser() {
+		$userManager = $this->getMock('\OCP\IUserManager');
+		$session = $this->getMock('\OCP\ISession');
+		$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
+		$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
+		$userSession = $this->getMockBuilder('\OC\User\Session')
+			->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider])
+			->setMethods(['logout'])
+			->getMock();
+
+		$user = $this->getMock('\OCP\IUser');
+		$token = $this->getMock('\OC\Authentication\Token\IToken');
+
+		$session->expects($this->once())
+			->method('getId')
+			->will($this->returnValue('sessionid'));
+		$tokenProvider->expects($this->once())
+			->method('getToken')
+			->with('sessionid')
+			->will($this->returnValue($token));
+		$session->expects($this->once())
+			->method('get')
+			->with('last_login_check')
+			->will($this->returnValue(1000));
+		$timeFactory->expects($this->once())
+			->method('getTime')
+			->will($this->returnValue(5000));
+		$tokenProvider->expects($this->once())
+			->method('getPassword')
+			->with($token, 'sessionid')
+			->will($this->returnValue('123456'));
+		$user->expects($this->once())
+			->method('getUID')
+			->will($this->returnValue('user5'));
+		$userManager->expects($this->once())
+			->method('checkPassword')
+			->with('user5', '123456')
+			->will($this->returnValue(true));
+		$user->expects($this->once())
+			->method('isEnabled')
+			->will($this->returnValue(false));
+		$userSession->expects($this->once())
+			->method('logout');
+
+		$this->invokePrivate($userSession, 'validateSession', [$user]);
+	}
+
 }
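Review bot: testValidateSessionDisabledUser only exercises the path where the periodic check is due (`last_login_check` 1000 against `getTime` 5000) and `getPassword` returns a password; it does not pin what happens to a disabled user when the check is not yet due or when no password is available for the token, which is exactly where the surrounding branches skip the new condition. A second case with `getTime` returning, say, 1100 and `logout` expected `$this->never()` would document the throttled behaviour, and a case where `getPassword` yields no password would show whether a disabled user is still logged out on that path. The `checkPassword` expectation returning `true` is the right choice here, since it isolates `isEnabled()` as the sole reason for the `logout` call.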
-- 
GitLab