
Merge pull request #16782 from nextcloud/fix/16729/stop-if-encrypted-token-null

Stop if there is no encrypted token
tags/v17.0.0beta2
blizzz 4 years ago
parent
commit
6d20876eb2
2 changed files with 22 additions and 2 deletions
  1. 5
    1
      core/Controller/LostController.php
  2. 17
    1
      tests/Core/Controller/LostControllerTest.php

+ 5
- 1
core/Controller/LostController.php

@@ -194,8 +194,12 @@ class LostController extends Controller {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}

$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
if ($encryptedToken === null) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}

try {
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
} catch (\Exception $e) {
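Review bot: The `getUserValue()` lookup now runs before the `try`, so an exception raised while reading the stored token is no longer handled by the `catch (\Exception $e)` that follows. Judging by the test added in this commit, `setPassword` returns the exception message as `msg`, so a backend error text could end up in the response to whoever requested the reset instead of the generic invalid-token message. If that is not intended, keep the lookup as the first statement inside the `try` and place the guard `if ($encryptedToken === null) {` directly after it there. The catch body and the rest of the method are outside the hunk, so confirm how the catch rethrows before changing it.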

+ 17
- 1
tests/Core/Controller/LostControllerTest.php

@@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase {
$this->assertSame($expectedResponse, $response);
}

public function testIsSetPasswordTokenNullFailing() {
$this->config->method('getUserValue')
->with('ValidTokenUser', 'core', 'lostpassword', null)
->willReturn(null);
$this->userManager->method('get')
->with('ValidTokenUser')
->willReturn($this->existingUser);

$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
$expectedResponse = [
'status' => 'error',
'msg' => 'Couldn\'t reset password because the token is invalid'
];
$this->assertSame($expectedResponse, $response);
}

public function testSetPasswordForDisabledUser() {
$user = $this->createMock(IUser::class);
$user->expects($this->any())
@@ -712,7 +728,7 @@ class LostControllerTest extends \Test\TestCase {
->willReturn('encryptedData');
$this->userManager->method('get')
->with('DisabledUser')
->willReturn($this->existingUser);
->willReturn($user);

$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
$expectedResponse = [
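Review bot: `testIsSetPasswordTokenNullFailing` does not pin the new guard: it passes an empty token and only checks the error array, which the later token comparison may produce as well when the decrypt mock returns its default value. Asserting that decryption is never attempted would tie the test to the early exit, e.g. `$this->crypto->expects($this->never())->method('decrypt');` (assuming the test class keeps the crypto mock in `$this->crypto`, which is not visible here). A non-empty token argument in the `setPassword` call would also make it clear that the missing stored value, not the submitted token, triggers the error.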
