Record login timestamp per user. Required for new user managament.

core/command/user/lastseen.php

@@ -0,0 +1,47 @@
+<?php
+/**
+ * Copyright (c) 2014 Arthur Schiwon <[email protected]>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\Command\User;
+
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Input\InputArgument;
+
+class LastSeen extends Command {
+	protected function configure() {
+		$this
+			->setName('user:lastseen')
+			->setDescription('shows when the user was logged it last time')
+			->addArgument(
+				'uid',
+				InputArgument::REQUIRED,
+				'the username'
+			);
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output) {
+		$userManager = \OC::$server->getUserManager();
+		$user = $userManager->get($input->getArgument('uid'));
+		if(is_null($user)) {
+			$output->writeln('User does not exist');
+			return;
+		}
+
+		$lastLogin = $user->getLastLogin();
+		if($lastLogin === 0) {
+			$output->writeln('User ' . $user->getUID() .
+				' has never logged in, yet.');
+		} else {
+			$date = new \DateTime();
+			$date->setTimestamp($lastLogin);
+			$output->writeln($user->getUID() .
+				'`s last login: ' . $date->format('d.m.Y H:i'));
+		}
+	}
+}

core/register_command.php

@@ -17,3 +17,4 @@
 $application->add(new OC\Core\Command\App\ListApps());
 $application->add(new OC\Core\Command\Maintenance\Repair(new \OC\Repair()));
 $application->add(new OC\Core\Command\User\Report());
+$application->add(new OC\Core\Command\User\LastSeen());

lib/base.php

@@ -883,30 +883,24 @@ protected static function tryRememberLogin() {
 		if (defined("DEBUG") && DEBUG) {
 			OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
 		}
-		// confirm credentials in cookie
-		if (isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username'])) {
-			// delete outdated cookies
+
+		if(OC_User::userExists($_COOKIE['oc_username'])) {
 			self::cleanupLoginTokens($_COOKIE['oc_username']);
-			// get stored tokens
-			$tokens = OC_Preferences::getKeys($_COOKIE['oc_username'], 'login_token');
-			// test cookies token against stored tokens
-			if (in_array($_COOKIE['oc_token'], $tokens, true)) {
-				// replace successfully used token with a new one
-				OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']);
-				$token = OC_Util::generateRandomBytes(32);
-				OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $token, time());
-				OC_User::setMagicInCookie($_COOKIE['oc_username'], $token);
-				// login
-				OC_User::setUserId($_COOKIE['oc_username']);
+			// confirm credentials in cookie
+			$granted = OC_User::loginWithCookie(
+				$_COOKIE['oc_username'], $_COOKIE['oc_token']);
+			if($granted === true) {
 				OC_Util::redirectToDefaultPage();
 				// doesn't return
 			}
+			OC_Log::write('core', 'Authentication cookie rejected for user ' .
+				$_COOKIE['oc_username'], OC_Log::WARN);
 			// if you reach this point you have changed your password
 			// or you are an attacker
 			// we can not delete tokens here because users may reach
 			// this point multiple times after a password change
-			OC_Log::write('core', 'Authentication cookie rejected for user ' . $_COOKIE['oc_username'], OC_Log::WARN);
 		}
+
 		OC_User::unsetMagicInCookie();
 		return true;
 	}

lib/private/user.php

@@ -235,6 +235,17 @@ public static function login($uid, $password) {
 		return self::getUserSession()->login($uid, $password);
 	}
 
+	/**
+	 * Try to login a user using the magic cookie (remember login)
+	 *
+	 * @param string $uid The username of the user to log in
+	 * @param string $token
+	 * @return bool
+	 */
+	public static function loginWithCookie($uid, $token) {
+		return self::getUserSession()->loginWithCookie($uid, $token);
+	}
+
 	/**
 	 * Try to login a user, assuming authentication
 	 * has already happened (e.g. via Single Sign On).

lib/private/user/manager.php

@@ -52,6 +52,12 @@ public function __construct($config = null) {
 				unset($cachedUsers[$i]);
 			}
 		});
+		$this->listen('\OC\User', 'postLogin', function ($user) {
+			$user->updateLastLoginTimestamp();
+		});
+		$this->listen('\OC\User', 'postRememberedLogin', function ($user) {
+			$user->updateLastLoginTimestamp();
+		});
 	}
 
 	/**

lib/private/user/session.php

@@ -170,6 +170,38 @@ public function login($uid, $password) {
 		}
 	}
 
+	/**
+	 * perform login using the magic cookie (remember login)
+	 *
+	 * @param string $uid the username
+	 * @param string $currentToken
+	 * @return bool
+	 */
+	public function loginWithCookie($uid, $currentToken) {
+		$user = $this->manager->get($uid);
+		if(is_null($user)) {
+			// user does not exist
+			return false;
+		}
+
+		// get stored tokens
+		$tokens = \OC_Preferences::getKeys($uid, 'login_token');
+		// test cookies token against stored tokens
+		if(!in_array($currentToken, $tokens, true)) {
+			return false;
+		}
+		// replace successfully used token with a new one
+		\OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
+		$newToken = \OC_Util::generateRandomBytes(32);
+		\OC_Preferences::setValue($uid, 'login_token', $newToken, time());
+		$this->setMagicInCookie($user->getUID(), $newToken);
+
+		//login
+		$this->setUser($user);
+		$this->manager->emit('\OC\User', 'postRememberedLogin', array($user));
+		return true;
+	}
+
 	/**
 	 * logout the user from the session
 	 */

lib/private/user/user.php

@@ -42,6 +42,11 @@ class User {
 	 */
 	private $home;
 
+	/**
+	 * @var int $lastLogin
+	 */
+	private $lastLogin;
+
 	/**
 	 * @var \OC\AllConfig $config
 	 */
@@ -64,6 +69,7 @@ public function __construct($uid, $backend, $emitter = null, $config = null) {
 		} else {
 			$this->enabled = true;
 		}
+		$this->lastLogin = \OC_Preferences::getValue($uid, 'login', 'lastLogin', 0);
 	}
 
 	/**
@@ -107,6 +113,27 @@ public function setDisplayName($displayName) {
 		}
 	}
 
+	/**
+	 * returns the timestamp of the user's last login or 0 if the user did never
+	 * login
+	 *
+	 * @return int
+	 */
+	public function getLastLogin() {
+		return $this->lastLogin;
+	}
+
+	/**
+	 * updates the timestamp of the most recent login of this user
+	 *
+	 * @return null
+	 */
+	public function updateLastLoginTimestamp() {
+		$this->lastLogin = time();
+		\OC_Preferences::setValue(
+			$this->uid, 'login', 'lastLogin', $this->lastLogin);
+	}
+
 	/**
 	 * Delete the user
 	 *