Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login
Do not check the IP address with session protection disabled
This commit is contained in:
commit
905f8675a7
2 changed files with 17 additions and 0 deletions
|
@ -58,6 +58,9 @@ public function __construct(& $globals, $configManager, $sessionManager)
|
|||
*/
|
||||
public function generateStaySignedInToken($clientIpAddress)
|
||||
{
|
||||
if ($this->configManager->get('security.session_protection_disabled') === true) {
|
||||
$clientIpAddress = '';
|
||||
}
|
||||
$this->staySignedInToken = sha1(
|
||||
$this->configManager->get('credentials.hash')
|
||||
. $clientIpAddress
|
||||
|
|
|
@ -260,6 +260,20 @@ public function testGenerateStaySignedInToken()
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a token depending on the user credentials with session protected disabled
|
||||
*/
|
||||
public function testGenerateStaySignedInTokenSessionProtectionDisabled()
|
||||
{
|
||||
$this->configManager->set('security.session_protection_disabled', true);
|
||||
$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
|
||||
|
||||
$this->assertEquals(
|
||||
sha1($this->passwordHash . $this->salt),
|
||||
$this->loginManager->getStaySignedInToken()
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login - Shaarli has not yet been configured
|
||||
*/
|
||||
|
|
Loading…
Reference in a new issue