adjust db token cleanup to store remembered tokens longer

Signed-off-by: Christoph Wurst <[email protected]>

core/Controller/LoginController.php

@@ -237,7 +237,7 @@ public function tryLogin($user, $password, $redirect_url, $remember_login) {
 		// TODO: remove password checks from above and let the user session handle failures
 		// requires https://github.com/owncloud/core/pull/24616
 		$this->userSession->login($user, $password);
-		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
+		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, $remember_login);
 
 		// User has successfully logged in, now remove the password reset link, when it is available
 		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');

db_structure.xml

@@ -1125,6 +1125,15 @@
 				<length>2</length>
 			</field>
 
+			<field>
+				<name>remember</name>
+				<type>integer</type>
+				<default>0</default>
+				<notnull>true</notnull>
+				<unsigned>true</unsigned>
+				<length>1</length>
+			</field>
+
 			<field>
 				<name>last_activity</name>
 				<type>integer</type>

lib/private/Authentication/Token/DefaultToken.php

@@ -35,6 +35,8 @@
  * @method string getToken()
  * @method void setType(string $type)
  * @method int getType()
+ * @method void setRemember(int $remember)
+ * @method int getRemember()
  * @method void setLastActivity(int $lastActivity)
  * @method int getLastActivity()
  */
@@ -70,6 +72,11 @@ class DefaultToken extends Entity implements IToken {
 	 */
 	protected $type;
 
+	/**
+	 * @var int
+	 */
+	protected $remember;
+
 	/**
 	 * @var int
 	 */

lib/private/Authentication/Token/DefaultTokenMapper.php

@@ -40,24 +40,25 @@ public function __construct(IDBConnection $db) {
 	 * @param string $token
 	 */
 	public function invalidate($token) {
+		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$qb->delete('authtoken')
-			->andWhere($qb->expr()->eq('token', $qb->createParameter('token')))
+			->where($qb->expr()->eq('token', $qb->createParameter('token')))
 			->setParameter('token', $token)
 			->execute();
 	}
 
 	/**
 	 * @param int $olderThan
+	 * @param int $remember
 	 */
-	public function invalidateOld($olderThan) {
+	public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$qb->delete('authtoken')
-			->where($qb->expr()->lt('last_activity', $qb->createParameter('last_activity')))
-			->andWhere($qb->expr()->eq('type', $qb->createParameter('type')))
-			->setParameter('last_activity', $olderThan, IQueryBuilder::PARAM_INT)
-			->setParameter('type', IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)
+			->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
+			->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
+			->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
 			->execute();
 	}
 
@@ -71,7 +72,7 @@ public function invalidateOld($olderThan) {
 	public function getToken($token) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check')
+		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check')
 			->from('authtoken')
 			->where($qb->expr()->eq('token', $qb->createParameter('token')))
 			->setParameter('token', $token)
@@ -97,7 +98,7 @@ public function getToken($token) {
 	public function getTokenByUser(IUser $user) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check')
+		$qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check')
 			->from('authtoken')
 			->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
 			->setMaxResults(1000);

lib/private/Authentication/Token/DefaultTokenProvider.php

@@ -73,9 +73,10 @@ public function __construct(DefaultTokenMapper $mapper, ICrypto $crypto, IConfig
 	 * @param string|null $password
 	 * @param string $name
 	 * @param int $type token type
+	 * @param int $remember whether the session token should be used for remember-me
 	 * @return IToken
 	 */
-	public function generateToken($token, $uid, $loginName, $password, $name, $type = IToken::TEMPORARY_TOKEN) {
+	public function generateToken($token, $uid, $loginName, $password, $name, $type = IToken::TEMPORARY_TOKEN, $remember = IToken::DO_NOT_REMEMBER) {
 		$dbToken = new DefaultToken();
 		$dbToken->setUid($uid);
 		$dbToken->setLoginName($loginName);
@@ -85,6 +86,7 @@ public function generateToken($token, $uid, $loginName, $password, $name, $type
 		$dbToken->setName($name);
 		$dbToken->setToken($this->hashToken($token));
 		$dbToken->setType($type);
+		$dbToken->setRemember($remember);
 		$dbToken->setLastActivity($this->time->getTime());
 
 		$this->mapper->insert($dbToken);
@@ -228,8 +230,11 @@ public function invalidateTokenById(IUser $user, $id) {
 	 */
 	public function invalidateOldTokens() {
 		$olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
-		$this->logger->info('Invalidating tokens older than ' . date('c', $olderThan));
-		$this->mapper->invalidateOld($olderThan);
+		$this->logger->info('Invalidating session tokens older than ' . date('c', $olderThan));
+		$this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER);
+		$rememberThreshold = $this->time->getTime() - (int) $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
+		$this->logger->info('Invalidating remembered session tokens older than ' . date('c', $rememberThreshold));
+		$this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER);
 	}
 
 	/**

lib/private/Authentication/Token/IProvider.php

@@ -38,9 +38,10 @@ interface IProvider {
 	 * @param string|null $password
 	 * @param string $name
 	 * @param int $type token type
+	 * @param int $remember whether the session token should be used for remember-me
 	 * @return IToken
 	 */
-	public function generateToken($token, $uid, $loginName, $password, $name, $type = IToken::TEMPORARY_TOKEN);
+	public function generateToken($token, $uid, $loginName, $password, $name, $type = IToken::TEMPORARY_TOKEN, $remember = IToken::DO_NOT_REMEMBER);
 
 	/**
 	 * Get a token by token id

lib/private/Authentication/Token/IToken.php

@@ -28,6 +28,8 @@ interface IToken extends JsonSerializable {
 
 	const TEMPORARY_TOKEN = 0;
 	const PERMANENT_TOKEN = 1;
+	const DO_NOT_REMEMBER = 0;
+	const REMEMBER = 1;
 
 	/**
 	 * Get the token ID

lib/private/User/Session.php

@@ -523,9 +523,10 @@ private function loginWithToken($token) {
 	 * @param string $uid user UID
 	 * @param string $loginName login name
 	 * @param string $password
+	 * @param int $remember
 	 * @return boolean
 	 */
-	public function createSessionToken(IRequest $request, $uid, $loginName, $password = null) {
+	public function createSessionToken(IRequest $request, $uid, $loginName, $password = null, $remember = IToken::DO_NOT_REMEMBER) {
 		if (is_null($this->manager->get($uid))) {
 			// User does not exist
 			return false;
@@ -534,7 +535,7 @@ public function createSessionToken(IRequest $request, $uid, $loginName, $passwor
 		try {
 			$sessionId = $this->session->getId();
 			$pwd = $this->getPassword($password);
-			$this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name);
+			$this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
 			return true;
 		} catch (SessionNotAvailableException $ex) {
 			// This can happen with OCC, where a memory session is used

version.php

@@ -25,7 +25,7 @@
 // We only can count up. The 4. digit is only for the internal patchlevel to trigger DB upgrades
 // between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel
 // when updating major/minor version number.
-$OC_Version = array(9, 2, 0, 4);
+$OC_Version = array(9, 2, 0, 5);
 
 // The human readable string
 $OC_VersionString = '11.0 alpha';