Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login

Do not check the IP address with session protection disabled

tests/security/LoginManagerTest.php

@@ -260,6 +260,20 @@ class LoginManagerTest extends TestCase
         );
     }
 
+    /**
+     * Generate a token depending on the user credentials with session protected disabled
+     */
+    public function testGenerateStaySignedInTokenSessionProtectionDisabled()
+    {
+        $this->configManager->set('security.session_protection_disabled', true);
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+
+        $this->assertEquals(
+            sha1($this->passwordHash . $this->salt),
+            $this->loginManager->getStaySignedInToken()
+        );
+    }
+
     /**
      * Check user login - Shaarli has not yet been configured
      */