diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-01-22 18:16:55 +0300 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-01-23 10:46:24 +0300 |
commit | e6333c8fe389aca4e1e8349f276de0058c20c6bb (patch) | |
tree | 09a98cfa0ed7706d830896a96fad7b33d10a7780 /core/Controller | |
parent | af36746d7cbcdb9a5be1c6843bf2bc658678490b (diff) |
Honor remember_login_cookie_lifetime
If the remember_login_cookie_lifetime is set to 0 this means we do not
want to use remember me at all. In that case we should also not creatae
a remember me cookie and should create a proper temp token.
Further this specifies that is not 0 the remember me time should always
be larger than the session timeout. Because else the behavior is not
really defined.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Controller')
-rw-r--r-- | core/Controller/LoginController.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index 40e13b43c80..64899304d78 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -329,7 +329,14 @@ class LoginController extends Controller { // TODO: remove password checks from above and let the user session handle failures // requires https://github.com/owncloud/core/pull/24616 $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]); - $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER); + + $tokenType = IToken::REMEMBER; + if ((int)$this->config->getSystemValue('remember_login_cookie_lifetime', 60*60*24*15) === 0) { + $remember_login = false; + $tokenType = IToken::DO_NOT_REMEMBER; + } + + $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $tokenType); $this->userSession->updateTokens($loginResult->getUID(), $password); // User has successfully logged in, now remove the password reset link, when it is available |