From 6f1b8e1fee0c005db06309fb066fee11299307b0 Mon Sep 17 00:00:00 2001
From: Vlasta Ramik
Date: Wed, 9 Nov 2016 10:33:46 +0100
Subject: [PATCH] remove KEYCLOAK_REMEMBERME when user logs in without rememberme checked + tests
---
 .../managers/AuthenticationManager.java | 6 ++-
 .../keycloak/testsuite/forms/LoginTest.java | 50 +++++++++++++++++++
 .../keycloak/testsuite/forms/LogoutTest.java | 46 +++++++++++++++++
 3 files changed, 101 insertions(+), 1 deletion(-)
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index d0eb66b495..b3f2638e99 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -436,7 +436,11 @@ public class AuthenticationManager {
 // refresh the cookies!
 createLoginCookie(session, realm, userSession.getUser(), userSession, uriInfo, clientConnection);
 if (userSession.getState() != UserSessionModel.State.LOGGED_IN) userSession.setState(UserSessionModel.State.LOGGED_IN);
- if (userSession.isRememberMe()) createRememberMeCookie(realm, userSession.getLoginUsername(), uriInfo, clientConnection);
+ if (userSession.isRememberMe()) {
+ createRememberMeCookie(realm, userSession.getLoginUsername(), uriInfo, clientConnection);
+ } else {
+ expireRememberMeCookie(realm, uriInfo, clientConnection);
+ }
 // Update userSession note with authTime. But just if flag SSO_AUTH is not set
 if (!isSSOAuthentication(clientSession)) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index c4522c6df7..adb67345fd 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
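Review bot: The new `else` branch in AuthenticationManager carries no comment saying why a login without remember-me must actively expire the cookie, and the reason matters: createRememberMeCookie is passed the login username, so a stale KEYCLOAK_REMEMBERME cookie keeps pre-filling an earlier user's name on a shared browser. I would add `// KEYCLOAK-2741: drop a stale KEYCLOAK_REMEMBERME cookie so an earlier username is not prefilled` above the expireRememberMeCookie call. Expiry only takes effect if expireRememberMeCookie addresses the same cookie name and path that createRememberMeCookie sets; neither helper is visible in this hunk, so that is worth confirming. The enclosing method starts and ends outside the hunk.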
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -45,6 +45,7 @@ import java.util.Map;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertTrue;
 /**
@@ -481,6 +482,55 @@ public class LoginTest extends TestRealmKeycloakTest {
 setRememberMe(false);
 }
 }
+
+ //KEYCLOAK-2741
+ @Test
+ public void loginAgainWithoutRememberMe() {
+ setRememberMe(true);
+
+ try {
+ //login with remember me
+ loginPage.open();
+ assertFalse(loginPage.isRememberMeChecked());
+ loginPage.setRememberMe(true);
+ assertTrue(loginPage.isRememberMeChecked());
+ loginPage.login("login-test", "password");
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+ Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
+ EventRepresentation loginEvent = events.expectLogin().user(userId)
+ .detail(Details.USERNAME, "login-test")
+ .detail(Details.REMEMBER_ME, "true")
+ .assertEvent();
+ String sessionId = loginEvent.getSessionId();
+
+ // Expire session
+ testingClient.testing().removeUserSession("test", sessionId);
+
+ // Assert rememberMe checked and username/email prefilled
+ loginPage.open();
+ assertTrue(loginPage.isRememberMeChecked());
+ Assert.assertEquals("login-test", loginPage.getUsername());
+
+ //login without remember me
+ loginPage.setRememberMe(false);
+ loginPage.login("login-test", "password");
+
+ // Expire session
+ loginEvent = events.expectLogin().user(userId)
+ .detail(Details.USERNAME, "login-test")
+ .assertEvent();
+ sessionId = loginEvent.getSessionId();
+ testingClient.testing().removeUserSession("test", sessionId);
+
+ // Assert rememberMe not checked nor username/email prefilled
+ loginPage.open();
+ assertFalse(loginPage.isRememberMeChecked());
+ assertNotEquals("login-test", loginPage.getUsername());
+ } finally {
+ setRememberMe(false);
+ }
+ }
 @Test
 // KEYCLOAK-3181
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
index 1dd7aac924..0810029358 100644
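Review bot: `assertNotEquals("login-test", loginPage.getUsername())` at the end of loginAgainWithoutRememberMe is a weak check, because it passes for any value other than the exact login name, including a partially prefilled one; the same assertion closes logoutWithRememberMe in the LogoutTest hunk. Pinning the expected blank value, e.g. `assertEquals("", loginPage.getUsername());` (assuming the page object returns an empty string for an empty field), would be stricter. Since the commit is about removing the KEYCLOAK_REMEMBERME cookie, asserting directly that the browser no longer holds that cookie after the second login would test the fix itself rather than its effect on the form. The second `events.expectLogin()` also does not check that the REMEMBER_ME detail is absent, and the second `// Expire session` comment sits above the event lookup rather than the removeUserSession call it describes.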
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
@@ -29,8 +29,10 @@ import org.keycloak.testsuite.pages.LoginPage;
 import java.io.IOException;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertTrue;
+import org.keycloak.testsuite.auth.page.account.AccountManagement;
 /**
 * @author Stian Thorgersen
@@ -47,6 +49,9 @@ public class LogoutTest extends TestRealmKeycloakTest {
 @Page
 protected LoginPage loginPage;
+ @Page
+ protected AccountManagement accountManagementPage;
+
 @Override
 public void configureTestRealm(RealmRepresentation testRealm) {
 }
@@ -130,4 +135,45 @@ public class LogoutTest extends TestRealmKeycloakTest {
 events.expectLogin().session(sessionId3).removeDetail(Details.USERNAME).assertEvent();
 }
+ //KEYCLOAK-2741
+ @Test
+ public void logoutWithRememberMe() {
+ setRememberMe(true);
+
+ try {
+ loginPage.open();
+ assertFalse(loginPage.isRememberMeChecked());
+ loginPage.setRememberMe(true);
+ assertTrue(loginPage.isRememberMeChecked());
+ loginPage.login("test-user@localhost", "password");
+
+ String sessionId = events.expectLogin().assertEvent().getSessionId();
+
+ // Expire session
+ testingClient.testing().removeUserSession("test", sessionId);
+
+ // Assert rememberMe checked and username/email prefilled
+ loginPage.open();
+ assertTrue(loginPage.isRememberMeChecked());
+ assertEquals("test-user@localhost", loginPage.getUsername());
+
+ loginPage.login("test-user@localhost", "password");
+
+ //log out
+ appPage.openAccount();
+ accountManagementPage.signOut();
+ // Assert rememberMe not checked nor username/email prefilled
+ assertTrue(loginPage.isCurrent());
+ assertFalse(loginPage.isRememberMeChecked());
+ assertNotEquals("test-user@localhost", loginPage.getUsername());
+ } finally {
+ setRememberMe(false);
+ }
+ }
+
+ private void setRememberMe(boolean enabled) {
+ RealmRepresentation rep = adminClient.realm("test").toRepresentation();
+ rep.setRememberMe(enabled);
+ adminClient.realm("test").update(rep);
+ }
 }
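Review bot: The private `setRememberMe(boolean)` helper added at the end of LogoutTest looks like a duplicate of one LoginTest already calls (`setRememberMe(false)` appears as context in the LoginTest hunk); where that one is declared is not visible here, but if it is private to LoginTest, both classes extend TestRealmKeycloakTest and the helper could live there once. Because it toggles a realm-wide setting, it also deserves a one-line Javadoc such as `/** Enables or disables remember-me on the "test" realm via the admin client. */`. Separately, logoutWithRememberMe exercises the logout path, while the production change in this commit sits in the login branch after createLoginCookie; if logout already cleared the cookie before this patch, a comment like `// logout must also clear KEYCLOAK_REMEMBERME (KEYCLOAK-2741)` would explain why the test belongs to this change.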