From 9ee9d21cfd44e0e6b5ff3e2635f98e5ef3259cfd Mon Sep 17 00:00:00 2001 From: justin-sleep Date: Wed, 30 Nov 2016 15:26:08 -0600 Subject: [PATCH 1/3] Fix #2427 by converting $remember to integer Signed-off-by: justin-sleep --- lib/private/User/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index c3561cf64e32a..22a14e1752441 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -558,7 +558,7 @@ public function createSessionToken(IRequest $request, $uid, $loginName, $passwor try { $sessionId = $this->session->getId(); $pwd = $this->getPassword($password); - $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember); + $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, +$remember); return true; } catch (SessionNotAvailableException $ex) { // This can happen with OCC, where a memory session is used From bcadd22480359c168a1222bb5d1974b333b4df55 Mon Sep 17 00:00:00 2001 From: justin-sleep Date: Thu, 1 Dec 2016 04:58:38 -0600 Subject: [PATCH 2/3] Explicitly cast $remember to int rather than using identity operator Signed-off-by: justin-sleep --- lib/private/User/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 22a14e1752441..6d49a1b2ff234 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -558,7 +558,7 @@ public function createSessionToken(IRequest $request, $uid, $loginName, $passwor try { $sessionId = $this->session->getId(); $pwd = $this->getPassword($password); - $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, +$remember); + $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, (int)$remember); return true; } catch (SessionNotAvailableException $ex) { // This can happen with OCC, where a memory session is used From 25a5c655f7cfb24b2bac597d6ec6ca68316098e9 Mon Sep 17 00:00:00 2001 From: justin-sleep Date: Fri, 2 Dec 2016 14:07:45 -0600 Subject: [PATCH 3/3] Move integer casting to the top of the chain Signed-off-by: justin-sleep --- core/Controller/LoginController.php | 2 +- lib/private/User/Session.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index b1542de5d3c40..c3ccac37f780a 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -240,7 +240,7 @@ public function tryLogin($user, $password, $redirect_url, $remember_login = fals // TODO: remove password checks from above and let the user session handle failures // requires https://github.com/owncloud/core/pull/24616 $this->userSession->login($user, $password); - $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $remember_login); + $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login); // User has successfully logged in, now remove the password reset link, when it is available $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword'); diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 6d49a1b2ff234..c3561cf64e32a 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -558,7 +558,7 @@ public function createSessionToken(IRequest $request, $uid, $loginName, $passwor try { $sessionId = $this->session->getId(); $pwd = $this->getPassword($password); - $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, (int)$remember); + $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember); return true; } catch (SessionNotAvailableException $ex) { // This can happen with OCC, where a memory session is used