Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login

Do not check the IP address with session protection disabled
This commit is contained in:
ArthurHoaro 2019-02-09 12:36:31 +01:00 committed by GitHub
commit 905f8675a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions

View file

@ -58,6 +58,9 @@ class LoginManager
*/
public function generateStaySignedInToken($clientIpAddress)
{
if ($this->configManager->get('security.session_protection_disabled') === true) {
$clientIpAddress = '';
}
$this->staySignedInToken = sha1(
$this->configManager->get('credentials.hash')
. $clientIpAddress

View file

@ -260,6 +260,20 @@ class LoginManagerTest extends TestCase
);
}
/**
* Generate a token depending on the user credentials with session protected disabled
*/
public function testGenerateStaySignedInTokenSessionProtectionDisabled()
{
$this->configManager->set('security.session_protection_disabled', true);
$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
$this->assertEquals(
sha1($this->passwordHash . $this->salt),
$this->loginManager->getStaySignedInToken()
);
}
/**
* Check user login - Shaarli has not yet been configured
*/