Merge pull request #2044 from nextcloud/login-credential-store

Login credential store
9 years ago · 5bad417e57
parent e50320dc71 3ee5c7ea4e
commit 5bad417e57
22 changed files with 637 additions and 80 deletions
--- a/apps/encryption/appinfo/info.xml
+++ b/apps/encryption/appinfo/info.xml
@ -18,8 +18,7 @@
 		<user>user-encryption</user>
 		<admin>admin-encryption</admin>
 	</documentation>
-	<rememberlogin>false</rememberlogin>
-	<version>1.5.0</version>
+	<version>1.6.0</version>
 	<types>
 		<filesystem/>
 	</types>
--- a/apps/files_external/appinfo/info.xml
+++ b/apps/files_external/appinfo/info.xml
@ -12,8 +12,7 @@ External storage can be configured using the GUI or at the command line. This se
 	<documentation>
 		<admin>admin-external-storage</admin>
 	</documentation>
-	<rememberlogin>false</rememberlogin>
-	<version>1.2.0</version>
+	<version>1.3.0</version>
 	<types>
 		<filesystem/>
 	</types>
--- a/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php
+++ b/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php
@ -1,4 +1,5 @@
 <?php
+
 /**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
@ -23,61 +24,42 @@

 namespace OCA\Files_External\Lib\Auth\Password;

-use \OCP\IUser;
-use \OCP\IL10N;
-use \OCA\Files_External\Lib\DefinitionParameter;
-use \OCA\Files_External\Lib\Auth\AuthMechanism;
-use \OCA\Files_External\Lib\StorageConfig;
-use \OCP\ISession;
-use \OCP\Security\ICrypto;
-use \OCP\Files\Storage;
-use \OCA\Files_External\Lib\SessionStorageWrapper;
-use \OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
+use OCA\Files_External\Lib\Auth\AuthMechanism;
+use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
+use OCA\Files_External\Lib\SessionStorageWrapper;
+use OCA\Files_External\Lib\StorageConfig;
+use OCP\Authentication\Exceptions\CredentialsUnavailableException;
+use OCP\Authentication\LoginCredentials\IStore as CredentialsStore;
+use OCP\Files\Storage;
+use OCP\IL10N;
+use OCP\IUser;

 /**
 * Username and password from login credentials, saved in session
 */
 class SessionCredentials extends AuthMechanism {

-	/** @var ISession */
-	protected $session;
-
-	/** @var ICrypto */
-	protected $crypto;
+	/** @var CredentialsStore */
+	private $credentialsStore;

-	public function __construct(IL10N $l, ISession $session, ICrypto $crypto) {
-		$this->session = $session;
-		$this->crypto = $crypto;
+	public function __construct(IL10N $l, CredentialsStore $credentialsStore) {
+		$this->credentialsStore = $credentialsStore;

-		$this
-			->setIdentifier('password::sessioncredentials')
+		$this->setIdentifier('password::sessioncredentials')
 			->setScheme(self::SCHEME_PASSWORD)
 			->setText($l->t('Log-in credentials, save in session'))
-			->addParameters([
-			])
-		;
-
-		\OCP\Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
-	}
-
-	/**
-	 * Hook listener on post login
-	 *
-	 * @param array $params
-	 */
-	public function authenticate(array $params) {
-		$this->session->set('password::sessioncredentials/credentials', $this->crypto->encrypt(json_encode($params)));
+			->addParameters([]);
 	}

 	public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) {
-		$encrypted = $this->session->get('password::sessioncredentials/credentials');
-		if (!isset($encrypted)) {
+		try {
+			$credentials = $this->credentialsStore->getLoginCredentials();
+		} catch (CredentialsUnavailableException $e) {
 			throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved');
 		}

-		$credentials = json_decode($this->crypto->decrypt($encrypted), true);
-		$storage->setBackendOption('user', $this->session->get('loginname'));
-		$storage->setBackendOption('password', $credentials['password']);
+		$storage->setBackendOption('user', $credentials->getLoginName());
+		$storage->setBackendOption('password', $credentials->getPassword());
 	}

 	public function wrapStorage(Storage $storage) {
--- a/apps/files_external/tests/Command/ListCommandTest.php
+++ b/apps/files_external/tests/Command/ListCommandTest.php
@ -31,25 +31,27 @@ use OCA\Files_External\Lib\Backend\Local;
 use OCA\Files_External\Lib\StorageConfig;
 use OCA\Files_External\Service\GlobalStoragesService;
 use OCA\Files_External\Service\UserStoragesService;
+use OCP\Authentication\LoginCredentials\IStore;
 use OCP\IL10N;
 use OCP\ISession;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Security\ICrypto;
+use PHPUnit_Framework_MockObject_MockObject;
 use Symfony\Component\Console\Output\BufferedOutput;

 class ListCommandTest extends CommandTest {
 	/**
-	 * @return \OCA\Files_External\Command\ListCommand|\PHPUnit_Framework_MockObject_MockObject
+	 * @return ListCommand|PHPUnit_Framework_MockObject_MockObject
 	 */
 	private function getInstance() {
-		/** @var \OCA\Files_External\Service\GlobalStoragesService|\PHPUnit_Framework_MockObject_MockObject $globalService */
+		/** @var GlobalStoragesService|PHPUnit_Framework_MockObject_MockObject $globalService */
 		$globalService = $this->createMock(GlobalStoragesService::class);
-		/** @var \OCA\Files_External\Service\UserStoragesService|\PHPUnit_Framework_MockObject_MockObject $userService */
+		/** @var UserStoragesService|PHPUnit_Framework_MockObject_MockObject $userService */
 		$userService = $this->createMock(UserStoragesService::class);
-		/** @var \OCP\IUserManager|\PHPUnit_Framework_MockObject_MockObject $userManager */
+		/** @var IUserManager|PHPUnit_Framework_MockObject_MockObject $userManager */
 		$userManager = $this->createMock(IUserManager::class);
-		/** @var \OCP\IUserSession|\PHPUnit_Framework_MockObject_MockObject $userSession */
+		/** @var IUserSession|PHPUnit_Framework_MockObject_MockObject $userSession */
 		$userSession = $this->createMock(IUserSession::class);

 		return new ListCommand($globalService, $userService, $userSession, $userManager);
@ -64,7 +66,8 @@ class ListCommandTest extends CommandTest {
 		$mount1->setAuthMechanism(new Password($l10n));
 		$mount1->setBackend(new Local($l10n, new NullMechanism($l10n)));
 		$mount2 = new StorageConfig();
-		$mount2->setAuthMechanism(new SessionCredentials($l10n, $session, $crypto));
+		$credentialStore = $this->createMock(IStore::class);
+		$mount2->setAuthMechanism(new SessionCredentials($l10n, $credentialStore));
 		$mount2->setBackend(new Local($l10n, new NullMechanism($l10n)));
 		$input = $this->getInput($instance, [], [
 			'output' => 'json'
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@ -159,7 +159,6 @@ class LoginController extends Controller {
 		}

 		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
-		$parameters['rememberLoginAllowed'] = OC_Util::rememberLoginAllowed();
 		$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;

 		if (!is_null($user) && $user !== '') {
--- a/core/templates/login.php
+++ b/core/templates/login.php
@ -68,7 +68,6 @@ script('core', [
 		<input type="submit" id="submit" class="login primary icon-confirm-white" title="" value="<?php p($l->t('Log in')); ?>" disabled="disabled" />

 		<div class="login-additional">
-			<?php if ($_['rememberLoginAllowed'] === true) : ?>
 			<div class="remember-login-container">
 				<?php if ($_['rememberLoginState'] === 0) { ?>
 				<input type="checkbox" name="remember_login" value="1" id="remember_login" class="checkbox checkbox--white">
@ -77,7 +76,6 @@ script('core', [
 				<?php } ?>
 				<label for="remember_login"><?php p($l->t('Stay logged in')); ?></label>
 			</div>
-			<?php endif; ?>
 		</div>

 		<input type="hidden" name="timezone_offset" id="timezone_offset"/>
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@ -54,7 +54,10 @@ return array(
    'OCP\\App\\AppPathNotFoundException' => $baseDir . '/lib/public/App/AppPathNotFoundException.php',
    'OCP\\App\\IAppManager' => $baseDir . '/lib/public/App/IAppManager.php',
    'OCP\\App\\ManagerEvent' => $baseDir . '/lib/public/App/ManagerEvent.php',
+    'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
    'OCP\\Authentication\\IApacheBackend' => $baseDir . '/lib/public/Authentication/IApacheBackend.php',
+    'OCP\\Authentication\\LoginCredentials\\ICredentials' => $baseDir . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
+    'OCP\\Authentication\\LoginCredentials\\IStore' => $baseDir . '/lib/public/Authentication/LoginCredentials/IStore.php',
    'OCP\\Authentication\\TwoFactorAuth\\IProvider' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IProvider.php',
    'OCP\\Authentication\\TwoFactorAuth\\TwoFactorException' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/TwoFactorException.php',
    'OCP\\AutoloadNotAllowedException' => $baseDir . '/lib/public/AutoloadNotAllowedException.php',
@ -324,6 +327,8 @@ return array(
    'OC\\Authentication\\Exceptions\\PasswordlessTokenException' => $baseDir . '/lib/private/Authentication/Exceptions/PasswordlessTokenException.php',
    'OC\\Authentication\\Exceptions\\TwoFactorAuthRequiredException' => $baseDir . '/lib/private/Authentication/Exceptions/TwoFactorAuthRequiredException.php',
    'OC\\Authentication\\Exceptions\\UserAlreadyLoggedInException' => $baseDir . '/lib/private/Authentication/Exceptions/UserAlreadyLoggedInException.php',
+    'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
+    'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
    'OC\\Authentication\\Token\\DefaultToken' => $baseDir . '/lib/private/Authentication/Token/DefaultToken.php',
    'OC\\Authentication\\Token\\DefaultTokenCleanupJob' => $baseDir . '/lib/private/Authentication/Token/DefaultTokenCleanupJob.php',
    'OC\\Authentication\\Token\\DefaultTokenMapper' => $baseDir . '/lib/private/Authentication/Token/DefaultTokenMapper.php',
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@ -84,7 +84,10 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
        'OCP\\App\\AppPathNotFoundException' => __DIR__ . '/../../..' . '/lib/public/App/AppPathNotFoundException.php',
        'OCP\\App\\IAppManager' => __DIR__ . '/../../..' . '/lib/public/App/IAppManager.php',
        'OCP\\App\\ManagerEvent' => __DIR__ . '/../../..' . '/lib/public/App/ManagerEvent.php',
+        'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
        'OCP\\Authentication\\IApacheBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IApacheBackend.php',
+        'OCP\\Authentication\\LoginCredentials\\ICredentials' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
+        'OCP\\Authentication\\LoginCredentials\\IStore' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/IStore.php',
        'OCP\\Authentication\\TwoFactorAuth\\IProvider' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IProvider.php',
        'OCP\\Authentication\\TwoFactorAuth\\TwoFactorException' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/TwoFactorException.php',
        'OCP\\AutoloadNotAllowedException' => __DIR__ . '/../../..' . '/lib/public/AutoloadNotAllowedException.php',
@ -354,6 +357,8 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
        'OC\\Authentication\\Exceptions\\PasswordlessTokenException' => __DIR__ . '/../../..' . '/lib/private/Authentication/Exceptions/PasswordlessTokenException.php',
        'OC\\Authentication\\Exceptions\\TwoFactorAuthRequiredException' => __DIR__ . '/../../..' . '/lib/private/Authentication/Exceptions/TwoFactorAuthRequiredException.php',
        'OC\\Authentication\\Exceptions\\UserAlreadyLoggedInException' => __DIR__ . '/../../..' . '/lib/private/Authentication/Exceptions/UserAlreadyLoggedInException.php',
+        'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
+        'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
        'OC\\Authentication\\Token\\DefaultToken' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultToken.php',
        'OC\\Authentication\\Token\\DefaultTokenCleanupJob' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultTokenCleanupJob.php',
        'OC\\Authentication\\Token\\DefaultTokenMapper' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultTokenMapper.php',
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@ -93,6 +93,10 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 			return new Output($this->getServer()->getWebRoot());
 		});

+		$this->registerService(\OCP\Authentication\LoginCredentials\IStore::class, function() {
+			return $this->getServer()->query(\OCP\Authentication\LoginCredentials\IStore::class);
+		});
+
 		$this->registerService('OCP\\IAvatarManager', function($c) {
 			return $this->getServer()->getAvatarManager();
 		});
--- a/lib/private/Authentication/LoginCredentials/Credentials.php
+++ b/lib/private/Authentication/LoginCredentials/Credentials.php
@ -0,0 +1,72 @@
+<?php
+
+/**
+ * @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Authentication\LoginCredentials;
+
+use OCP\Authentication\LoginCredentials\ICredentials;
+
+class Credentials implements ICredentials {
+
+	/** @var string */
+	private $uid;
+
+	/** @var string */
+	private $loginName;
+
+	/** @var string */
+	private $password;
+
+	/**
+	 * @param string $uid
+	 * @param string $loginName
+	 * @param string $password
+	 */
+	public function __construct($uid, $loginName, $password) {
+		$this->uid = $uid;
+		$this->loginName = $loginName;
+		$this->password = $password;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getUID() {
+		return $this->uid;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getLoginName() {
+		return $this->loginName;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getPassword() {
+		return $this->password;
+	}
+
+}
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@ -0,0 +1,120 @@
+<?php
+
+/**
+ * @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Authentication\LoginCredentials;
+
+use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\PasswordlessTokenException;
+use OC\Authentication\Token\IProvider;
+use OCP\Authentication\Exceptions\CredentialsUnavailableException;
+use OCP\Authentication\LoginCredentials\ICredentials;
+use OCP\Authentication\LoginCredentials\IStore;
+use OCP\ILogger;
+use OCP\ISession;
+use OCP\Session\Exceptions\SessionNotAvailableException;
+use OCP\Util;
+
+class Store implements IStore {
+
+	/** @var ISession */
+	private $session;
+
+	/** @var ILogger */
+	private $logger;
+
+	/** @var IProvider|null */
+	private $tokenProvider;
+
+	/**
+	 * @param ISession $session
+	 * @param ILogger $logger
+	 * @param IProvider $tokenProvider
+	 */
+	public function __construct(ISession $session, ILogger $logger, IProvider $tokenProvider = null) {
+		$this->session = $session;
+		$this->logger = $logger;
+		$this->tokenProvider = $tokenProvider;
+
+		Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
+	}
+
+	/**
+	 * Hook listener on post login
+	 *
+	 * @param array $params
+	 */
+	public function authenticate(array $params) {
+		$this->session->set('login_credentials', json_encode($params));
+	}
+
+	/**
+	 * Replace the session implementation
+	 *
+	 * @param ISession $session
+	 */
+	public function setSession(ISession $session) {
+		$this->session = $session;
+	}
+
+	/**
+	 * @since 12
+	 *
+	 * @return ICredentials the login credentials of the current user
+	 * @throws CredentialsUnavailableException
+	 */
+	public function getLoginCredentials() {
+		if (is_null($this->tokenProvider)) {
+			throw new CredentialsUnavailableException();
+		}
+
+		$trySession = false;
+		try {
+			$sessionId = $this->session->getId();
+			$token = $this->tokenProvider->getToken($sessionId);
+
+			$uid = $token->getUID();
+			$user = $token->getLoginName();
+			$password = $this->tokenProvider->getPassword($token, $sessionId);
+
+			return new Credentials($uid, $user, $password);
+		} catch (SessionNotAvailableException $ex) {
+			$this->logger->debug('could not get login credentials because session is unavailable', ['app' => 'core']);
+		} catch (InvalidTokenException $ex) {
+			$this->logger->debug('could not get login credentials because the token is invalid', ['app' => 'core']);
+			$trySession = true;
+		} catch (PasswordlessTokenException $ex) {
+			$this->logger->debug('could not get login credentials because the token has no password', ['app' => 'core']);
+			$trySession = true;
+		}
+
+		if ($trySession && $this->session->exists('login_credentials')) {
+			$creds = json_decode($this->session->get('login_credentials'));
+			return new Credentials($creds->uid, $creds->uid, $creds->password);
+		}
+
+		// If we reach this line, an exception was thrown.
+		throw new CredentialsUnavailableException();
+	}
+
+}
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@ -46,6 +46,7 @@ use OC\App\AppStore\Fetcher\AppFetcher;
 use OC\App\AppStore\Fetcher\CategoryFetcher;
 use OC\AppFramework\Http\Request;
 use OC\AppFramework\Utility\TimeFactory;
+use OC\Authentication\LoginCredentials\Store;
 use OC\Command\AsyncBus;
 use OC\Diagnostics\EventLogger;
 use OC\Diagnostics\NullEventLogger;
@ -89,6 +90,7 @@ use OC\Security\TrustedDomainHelper;
 use OC\Session\CryptoWrapper;
 use OC\Tagging\TagMapper;
 use OCA\Theming\ThemingDefaults;
+use OCP\Authentication\LoginCredentials\IStore;
 use OCP\IL10N;
 use OCP\IServerContainer;
 use OCP\RichObjectStrings\IValidator;
@ -246,6 +248,17 @@ class Server extends ServerContainer implements IServerContainer {
 			});
 			return $groupManager;
 		});
+		$this->registerService(Store::class, function(Server $c) {
+			$session = $c->getSession();
+			if (\OC::$server->getSystemConfig()->getValue('installed', false)) {
+				$tokenProvider = $c->query('OC\Authentication\Token\IProvider');
+			} else {
+				$tokenProvider = null;
+			}
+			$logger = $c->getLogger();
+			return new Store($session, $logger, $tokenProvider);
+		});
+		$this->registerAlias(IStore::class, Store::class);
 		$this->registerService('OC\Authentication\Token\DefaultTokenMapper', function (Server $c) {
 			$dbConnection = $c->getDatabaseConnection();
 			return new Authentication\Token\DefaultTokenMapper($dbConnection);
@ -1000,7 +1013,8 @@ class Server extends ServerContainer implements IServerContainer {
 	 */
 	public function setSession(\OCP\ISession $session) {
 		$this->query(SessionStorage::class)->setSession($session);
-		return $this->query('UserSession')->setSession($session);
+		$this->query('UserSession')->setSession($session);
+		$this->query(Store::class)->setSession($session);
 	}

 	/**
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@ -1001,27 +1001,6 @@ class OC_Util {
 		}
 	}

-	/**
-	 * Check if it is allowed to remember login.
-	 *
-	 * @note Every app can set 'rememberlogin' to 'false' to disable the remember login feature
-	 *
-	 * @return bool
-	 */
-	public static function rememberLoginAllowed() {
-
-		$apps = OC_App::getEnabledApps();
-
-		foreach ($apps as $app) {
-			$appInfo = OC_App::getAppInfo($app);
-			if (isset($appInfo['rememberlogin']) && $appInfo['rememberlogin'] === 'false') {
-				return false;
-			}
-
-		}
-		return true;
-	}
-
 	/**
 	 * Check if the user is a subadmin, redirects to home if not
 	 *
--- a/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php
+++ b/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php
@ -0,0 +1,34 @@
+<?php
+
+/**
+ * @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Authentication\Exceptions;
+
+use Exception;
+
+/**
+ * @since 12
+ */
+class CredentialsUnavailableException extends Exception {
+
+}
--- a/lib/public/Authentication/LoginCredentials/ICredentials.php
+++ b/lib/public/Authentication/LoginCredentials/ICredentials.php
@ -0,0 +1,58 @@
+<?php
+
+/**
+ * @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Authentication\LoginCredentials;
+
+/**
+ * @since 12
+ */
+interface ICredentials {
+
+	/**
+	 * Get the user UID
+	 *
+	 * @since 12
+	 *
+	 * @return string
+	 */
+	public function getUID();
+
+	/**
+	 * Get the login name the users used to login
+	 *
+	 * @since 12
+	 *
+	 * @return string
+	 */
+	public function getLoginName();
+
+	/**
+	 * Get the password
+	 *
+	 * @since 12
+	 *
+	 * @return string
+	 */
+	public function getPassword();
+}
--- a/lib/public/Authentication/LoginCredentials/IStore.php
+++ b/lib/public/Authentication/LoginCredentials/IStore.php
@ -0,0 +1,44 @@
+<?php
+
+/**
+ * @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Authentication\LoginCredentials;
+
+use OCP\Authentication\Exceptions\CredentialsUnavailableException;
+
+/**
+ * @since 12
+ */
+interface IStore {
+	
+	/**
+	 * Get login credentials of the currently logged in user
+	 *
+	 * @since 12
+	 *
+	 * @throws CredentialsUnavailableException
+	 * @return ICredentials the login credentials of the current user
+	 */
+	public function getLoginCredentials();
+	
+}
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@ -179,7 +179,6 @@ class LoginControllerTest extends TestCase {
 				'user_autofocus' => true,
 				'canResetPassword' => true,
 				'alt_login' => [],
-				'rememberLoginAllowed' => \OC_Util::rememberLoginAllowed(),
 				'rememberLoginState' => 0,
 				'resetPasswordLink' => null,
 			],
@ -238,7 +237,6 @@ class LoginControllerTest extends TestCase {
 				'user_autofocus' => false,
 				'canResetPassword' => $expectedResult,
 				'alt_login' => [],
-				'rememberLoginAllowed' => \OC_Util::rememberLoginAllowed(),
 				'rememberLoginState' => 0,
 				'resetPasswordLink' => false,
 			],
@ -277,7 +275,6 @@ class LoginControllerTest extends TestCase {
 				'user_autofocus' => false,
 				'canResetPassword' => false,
 				'alt_login' => [],
-				'rememberLoginAllowed' => \OC_Util::rememberLoginAllowed(),
 				'rememberLoginState' => 0,
 				'resetPasswordLink' => false,
 			],
--- a/tests/data/app/expected-info.json
+++ b/tests/data/app/expected-info.json
@ -13,7 +13,6 @@
 		"user": "user-encryption",
 		"admin": "admin-encryption"
 	},
-	"rememberlogin": "false",
 	"types": ["filesystem"],
 	"ocsid": "166047",
 	"dependencies": {
--- a/tests/data/app/invalid-info.xml
+++ b/tests/data/app/invalid-info.xml
@ -14,7 +14,6 @@
 		<user>user-encryption</user>
 		<admin>admin-encryption</admin>
 	</documentation>
-	<rememberlogin>false</rememberlogin>
 	<types>
 		<filesystem/>
 	</types>
--- a/tests/data/app/valid-info.xml
+++ b/tests/data/app/valid-info.xml
@ -14,7 +14,6 @@
 		<user>user-encryption</user>
 		<admin>admin-encryption</admin>
 	</documentation>
-	<rememberlogin>false</rememberlogin>
 	<types>
 		<filesystem/>
 	</types>
--- a/tests/lib/Authentication/LoginCredentials/CredentialsTest.php
+++ b/tests/lib/Authentication/LoginCredentials/CredentialsTest.php
@ -0,0 +1,66 @@
+<?php
+
+/**
+ * @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Test\Authentication\LoginCredentials;
+
+use OC\Authentication\LoginCredentials\Credentials;
+use Test\TestCase;
+
+class CredentialsTest extends TestCase {
+
+	/** @var string */
+	private $uid;
+
+	/** @var string */
+	private $user;
+
+	/** @var string */
+	private $password;
+
+	/** @var Credentials */
+	private $credentials;
+
+	protected function setUp() {
+		parent::setUp();
+
+		$this->uid = 'user123';
+		$this->user = 'User123';
+		$this->password = '123456';
+
+		$this->credentials = new Credentials($this->uid, $this->user, $this->password);
+	}
+
+	public function testGetUID() {
+		$this->assertEquals($this->uid, $this->credentials->getUID());
+	}
+
+	public function testGetUserName() {
+		$this->assertEquals($this->user, $this->credentials->getLoginName());
+	}
+
+	public function testGetPassword() {
+		$this->assertEquals($this->password, $this->credentials->getPassword());
+	}
+
+}
--- a/tests/lib/Authentication/LoginCredentials/StoreTest.php
+++ b/tests/lib/Authentication/LoginCredentials/StoreTest.php
@ -0,0 +1,182 @@
+<?php
+
+/**
+ * @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Test\Authentication\LoginCredentials;
+
+use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\PasswordlessTokenException;
+use OC\Authentication\LoginCredentials\Credentials;
+use OC\Authentication\LoginCredentials\Store;
+use OC\Authentication\Token\IProvider;
+use OC\Authentication\Token\IToken;
+use OCP\Authentication\Exceptions\CredentialsUnavailableException;
+use OCP\ILogger;
+use OCP\ISession;
+use OCP\Session\Exceptions\SessionNotAvailableException;
+use PHPUnit_Framework_MockObject_MockObject;
+use Test\TestCase;
+
+class StoreTest extends TestCase {
+
+	/** @var ISession|PHPUnit_Framework_MockObject_MockObject */
+	private $session;
+
+	/** @var IProvider|PHPUnit_Framework_MockObject_MockObject */
+	private $tokenProvider;
+
+	/** @var ILogger|PHPUnit_Framework_MockObject_MockObject */
+	private $logger;
+
+	/** @var Store */
+	private $store;
+
+	protected function setUp() {
+		parent::setUp();
+
+		$this->session = $this->createMock(ISession::class);
+		$this->tokenProvider = $this->createMock(IProvider::class);
+		$this->logger = $this->createMock(ILogger::class);
+
+		$this->store = new Store($this->session, $this->logger, $this->tokenProvider);
+	}
+
+	public function testAuthenticate() {
+		$params = [
+			'run' => true,
+			'uid' => 'user123',
+			'password' => 123456,
+		];
+
+		$this->session->expects($this->once())
+			->method('set')
+			->with($this->equalTo('login_credentials'), $this->equalTo(json_encode($params)));
+
+		$this->store->authenticate($params);
+	}
+
+	public function testSetSession() {
+		$session = $this->createMock(ISession::class);
+
+		$this->store->setSession($session);
+	}
+
+	public function testGetLoginCredentialsNoTokenProvider() {
+		$this->store = new Store($this->session, $this->logger, null);
+
+		$this->expectException(CredentialsUnavailableException::class);
+
+		$this->store->getLoginCredentials();
+	}
+
+	public function testGetLoginCredentials() {
+		$uid = 'uid';
+		$user = 'user123';
+		$password = 'passme';
+		$token = $this->createMock(IToken::class);
+		$this->session->expects($this->once())
+			->method('getId')
+			->willReturn('sess2233');
+		$this->tokenProvider->expects($this->once())
+			->method('getToken')
+			->with('sess2233')
+			->willReturn($token);
+		$token->expects($this->once())
+			->method('getUID')
+			->willReturn($uid);
+		$token->expects($this->once())
+			->method('getLoginName')
+			->willReturn($user);
+		$this->tokenProvider->expects($this->once())
+			->method('getPassword')
+			->with($token, 'sess2233')
+			->willReturn($password);
+		$expected = new Credentials($uid, $user, $password);
+
+		$creds = $this->store->getLoginCredentials();
+
+		$this->assertEquals($expected, $creds);
+	}
+
+	public function testGetLoginCredentialsSessionNotAvailable() {
+		$this->session->expects($this->once())
+			->method('getId')
+			->will($this->throwException(new SessionNotAvailableException()));
+		$this->expectException(CredentialsUnavailableException::class);
+
+		$this->store->getLoginCredentials();
+	}
+
+	public function testGetLoginCredentialsInvalidToken() {
+		$this->session->expects($this->once())
+			->method('getId')
+			->willReturn('sess2233');
+		$this->tokenProvider->expects($this->once())
+			->method('getToken')
+			->with('sess2233')
+			->will($this->throwException(new InvalidTokenException()));
+		$this->expectException(CredentialsUnavailableException::class);
+
+		$this->store->getLoginCredentials();
+	}
+
+	public function testGetLoginCredentialsInvalidTokenLoginCredentials() {
+		$uid = 'user987';
+		$password = '7389374';
+
+		$this->session->expects($this->once())
+			->method('getId')
+			->willReturn('sess2233');
+		$this->tokenProvider->expects($this->once())
+			->method('getToken')
+			->with('sess2233')
+			->will($this->throwException(new InvalidTokenException()));
+		$this->session->expects($this->once())
+			->method('exists')
+			->with($this->equalTo('login_credentials'))
+			->willReturn(true);
+		$this->session->expects($this->once())
+			->method('get')
+			->with($this->equalTo('login_credentials'))
+			->willReturn('{"run":true,"uid":"user987","password":"7389374"}');
+		$expected = new Credentials('user987', 'user987', '7389374');
+
+		$actual = $this->store->getLoginCredentials();
+
+		$this->assertEquals($expected, $actual);
+	}
+
+	public function testGetLoginCredentialsPasswordlessToken() {
+		$this->session->expects($this->once())
+			->method('getId')
+			->willReturn('sess2233');
+		$this->tokenProvider->expects($this->once())
+			->method('getToken')
+			->with('sess2233')
+			->will($this->throwException(new PasswordlessTokenException()));
+		$this->expectException(CredentialsUnavailableException::class);
+
+		$this->store->getLoginCredentials();
+	}
+
+}