Record login timestamp per user. Required for new user managament.

[blizzz]

This PR cleans up the tryRememberLogin method first, moves the core part to the user session and also adds tests for it. This is necessary, because we need to record the timestamp as well, when a magic cookie (remember checkbox active) is used. The \OC\User\User object gets method to update and return the login timestamp. Updating the timestamp is triggered by postLogin and postRememberedLogin (new!) events. I tested it for login via web interface, remember cookie and desktop client.

There is also a command line tool to get the last login of a specific user. Example:

$ ./occ user:lastseen master
master`s last login: 23.05.2014 08:48

This PR is required for new user management in #7151.

Please test/review @LukasReschke @icewind1991 @DeepDiver1975

[karlitschek]

👍

[blizzz]

@DeepDiver1975 IIRC you wanted to check this with Apache or another way of auth'ing?

[DeepDiver1975]

where did that code goto? OC_User::loginWithCookie?

[blizzz]

to lib/private/user/session.php line 188 (invoked by OC_User::loginWithCookie)

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/4959/

[ghost]

💣 Test Failed. 💣
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/4960/

[blizzz]

»Test Result (no failures)«

[icewind1991]

Tested, code looks good 👍

[blizzz]

Oh, i found one minor thing. The hour was given in 12h format but without am/pm indicator. Now its 24h format. So last commit changed just the case of one letter :)

[ghost]

💣 Test Failed. 💣
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/4986/

[blizzz]

Still no failures, why the script dos not return 0 is

16:22:43 npm ERR! Failed to parse json
16:22:43 npm ERR! Unexpected end of input
16:22:43 npm ERR! File: /var/lib/jenkins/.npm/karma-phantomjs-launcher/0.1.4/package/package.json

tests are fine

[LukasReschke]

Can we use this opportunity to rename the functions to something saner than magic cookie? - It's absolutely unusual named and hard to understand. (Remember me, Remember, whatever..)

[LukasReschke]

That statement is not entirely correct as this could also be triggered if an user has only not logged in since this feature has been added.

It may give the administrator a plausible misbelieve that the user has never logged in while this is not the case. Can we adjust this somehow?

[blizzz]

"has never logged in, yet." → "has never logged in (since availability of ownCloud 7.0.0)."

OK?

[LukasReschke]

I think this returns void and not null. Therefore the @return statement can be dropped.

See http://www.phpdoc.org/docs/latest/for-users/phpdoc/tags/return.html:

It is RECOMMENDED when documenting to use this tag with every function and method. Exceptions to this recommendation are:

• constructors, the @return tag MAY be omitted here, in which case @return self is implied.
• functions and methods without a return value, the @return tag MAY be omitted here, in which case @return void is implied.

[blizzz]

if no specific return is done (→ void) null will be returned, anyway, but I get the point and will drop it.

[LukasReschke]

I haven't properly tested this yet. Please don't merge.

[ghost]

💣 Test Failed. 💣
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/4996/

[blizzz]

Can we use this opportunity to rename the functions to something saner than magic cookie? - It's absolutely unusual named and hard to understand. (Remember me, Remember, whatever..)

It would effect other files as well (e.g. core/lostpassword/controller.php, tests/autotest-clover-sqlite.xml), while I have nothing against changing the name I would prefer not to do it in this PR.

[blizzz]

Regarding the client: when launched the login timestamp will be updated, but as long as the client is running, even through days and suspending the laptop, the timestamp is not being updated.

How is the client keeping the authentication? @DeepDiver1975 @danimo

[DeepDiver1975]

How is the client keeping the authentication? @DeepDiver1975 @danimo

Desktop clients use the same session mechanisms as the browser does.
But the mobile apps (as long as not authenticating via shibboleth) still use basic auth, which would trigger a login on every request

[scrutinizer-notifier]

The inspection completed: 6 new issues, 11 updated code elements

[ghost]

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/5022/

[blizzz]

@DeepDiver1975 right, makes sense, i set back the session life time to default. In that case it probably make sense to check the timestamp on session regenerate too, and update it when the old one is > 24hrs (resp. session lifetime) ago.

[blizzz]

@LukasReschke when you look into your crystal ball, can you see when you do proper testing?

[LukasReschke]

@LukasReschke when you look into your crystal ball, can you see when you do proper testing?

My crystal ball says tomorrow 18:00 CET - at latest ;-)

[blizzz]

k, cool, thx

[LukasReschke]

🔮 said to me that I should 👍 this.

[blizzz]

thank you @:crystal_ball: and @LukasReschke