Handle one time password better

author Carl Schwan <carl@carlschwan.eu>

Wed, 13 Jul 2022 13:27:55 +0000 (15:27 +0200)

committer Carl Schwan <carl@carlschwan.eu>

Thu, 28 Jul 2022 12:26:25 +0000 (14:26 +0200)
author Carl Schwan <carl@carlschwan.eu>
Wed, 13 Jul 2022 13:27:55 +0000 (15:27 +0200)
committer Carl Schwan <carl@carlschwan.eu>
Thu, 28 Jul 2022 12:26:25 +0000 (14:26 +0200)
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php

index 96bf9a8608798a181368b37b3585531c31ba7821..26928025b233b9e7dcb377b745c7ee7ee105c7ed 100644 (file)
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -401,7 +401,7 @@ class PublicKeyTokenProvider implements IProvider {
                 $this->cache->clear();
  
                 // prevent setting an empty pw as result of pw-less-login
-               if ($password === '') {
+               if ($password === '' || !$this->config->getSystemValueBool('auth.storeCryptedPassword', true)) {
                         return;
                 }
  
diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php

index db61244db5b65a2ec588115bebce6943a9f8a209..1ef0aa80817b31910875b015c8d21741cfe2ed9c 100644 (file)
--- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
+++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
@@ -98,7 +98,7 @@ class PublicKeyTokenProviderTest extends TestCase {
                 $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token));
         }
  
-       public function testGenerateTokenNoPassword() {
+       public function testGenerateTokenNoPassword(): void {
                 $token = 'token';
                 $uid = 'user';
                 $user = 'User';
@@ -171,6 +171,10 @@ class PublicKeyTokenProviderTest extends TestCase {
                         ->method('updateActivity')
                         ->with($tk, $this->time);
                 $tk->setLastActivity($this->time - 200);
+               $this->config->method('getSystemValueBool')
+                       ->willReturnMap([
+                               ['auth.storeCryptedPassword', true, true],
+                       ]);
  
                 $this->tokenProvider->updateTokenActivity($tk);
  
@@ -578,6 +582,10 @@ class PublicKeyTokenProviderTest extends TestCase {
                         'random2',
                         IToken::PERMANENT_TOKEN,
                         IToken::REMEMBER);
+               $this->config->method('getSystemValueBool')
+                       ->willReturnMap([
+                               ['auth.storeCryptedPassword', true, true],
+                       ]);
  
                 $this->mapper->method('hasExpiredTokens')
                         ->with($uid)
author	Carl Schwan <carl@carlschwan.eu>
	Wed, 13 Jul 2022 13:27:55 +0000 (15:27 +0200)
committer	Carl Schwan <carl@carlschwan.eu>
	Thu, 28 Jul 2022 12:26:25 +0000 (14:26 +0200)
lib/private/Authentication/Token/PublicKeyTokenProvider.php		patch \| blob \| history
tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php		patch \| blob \| history