From e9ce5bd9cc65fa2c39dc4d851e7487ae527b4007 Mon Sep 17 00:00:00 2001
From: Yves Senn <yves.senn@gmail.com>
Date: Tue, 24 Nov 2015 09:43:10 +0100
Subject: [PATCH] make it possible to disable rememberMe.

The remember me functionality can be disabled completely by setting:

```yaml
ticket_granting_ticket:
  lifetime_long_term: -1
```

This does not only remove the "remember me" checkbox from the login
screen but also makes the `SessionsController` ignore any posted
rememberMe param.
---
 app/controllers/casino/sessions_controller.rb |  3 ++-
 app/helpers/casino/sessions_helper.rb         |  4 ++++
 app/views/casino/sessions/new.html.erb        |  7 ++++---
 spec/controllers/sessions_controller_spec.rb  | 11 +++++++++++
 spec/features/login_spec.rb                   | 14 ++++++++++++++
 5 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/app/controllers/casino/sessions_controller.rb b/app/controllers/casino/sessions_controller.rb
index 270e14df..84792184 100644
--- a/app/controllers/casino/sessions_controller.rb
+++ b/app/controllers/casino/sessions_controller.rb
@@ -24,7 +24,8 @@ def create
     if !validation_result
       show_login_error I18n.t('login_credential_acceptor.invalid_login_credentials')
     else
-      sign_in(validation_result, long_term: params[:rememberMe], credentials_supplied: true)
+      long_term = remember_me_enabled? && params[:rememberMe]
+      sign_in(validation_result, long_term: long_term, credentials_supplied: true)
     end
   end
 
diff --git a/app/helpers/casino/sessions_helper.rb b/app/helpers/casino/sessions_helper.rb
index 4e88d2d4..01b85868 100644
--- a/app/helpers/casino/sessions_helper.rb
+++ b/app/helpers/casino/sessions_helper.rb
@@ -50,6 +50,10 @@ def sign_out
     cookies.delete :tgt
   end
 
+  def remember_me_enabled?
+    CASino.config.ticket_granting_ticket[:lifetime_long_term] != -1
+  end
+
   private
   def handle_signed_in(tgt, options = {})
     if tgt.awaiting_two_factor_authentication?
diff --git a/app/views/casino/sessions/new.html.erb b/app/views/casino/sessions/new.html.erb
index 71050fc3..ebc101c1 100644
--- a/app/views/casino/sessions/new.html.erb
+++ b/app/views/casino/sessions/new.html.erb
@@ -19,8 +19,10 @@
         <%= text_field_tag :username, params[:username], autofocus:true %>
         <%= label_tag :password, t('login.label_password') %>
         <%= password_field_tag :password %>
-        <%= label_tag :rememberMe do %>
-          <%= check_box_tag :rememberMe, 1, params[:rememberMe] %> <%= t('login.label_remember_me') %>
+        <% if remember_me_enabled? %>
+          <%= label_tag :rememberMe do %>
+            <%= check_box_tag :rememberMe, 1, params[:rememberMe] %> <%= t('login.label_remember_me') %>
+          <% end %>
         <% end %>
         <%= button_tag t('login.label_button'), :class => 'button' %>
       <% end %>
@@ -28,4 +30,3 @@
   </div>
   <%= render 'footer' %>
 </div>
-
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 800ed4ba..7c0eef52 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -228,6 +228,17 @@
             tgt = CASino::TicketGrantingTicket.last
             tgt.long_term.should == true
           end
+
+          context 'with remember me disabled' do
+            before { CASino.config.ticket_granting_ticket[:lifetime_long_term] = -1 }
+            after { CASino.config.ticket_granting_ticket[:lifetime_long_term] = 864000 }
+
+            it 'does not create a long-term ticket-granting ticket' do
+              post :create, request_options
+              tgt = CASino::TicketGrantingTicket.last
+              tgt.long_term.should == false
+            end
+          end
         end
 
         context 'with two-factor authentication enabled' do
diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb
index ffd92c85..1afc1df9 100644
--- a/spec/features/login_spec.rb
+++ b/spec/features/login_spec.rb
@@ -65,4 +65,18 @@
     it { should have_button('Login') }
     it { should have_text('Incorrect username or password') }
   end
+
+  context 'with remember me disabled' do
+    before { CASino.config.ticket_granting_ticket[:lifetime_long_term] = -1 }
+    after { CASino.config.ticket_granting_ticket[:lifetime_long_term] = 864000 }
+    before { visit login_path }
+
+    it { should_not have_field('rememberMe') }
+  end
+
+  context 'with remember me enabled' do
+    before { visit login_path }
+
+    it { should have_field('rememberMe') }
+  end
 end