Christoph Wurst
8 yıl önce
6 değiştirilmiş dosya ile 143 ekleme ve 0 silme
+ 17
- 0
lib/private/Authentication/Token/DefaultTokenProvider.php
Dosyayı Görüntüle
| @@ -150,6 +150,23 @@ class DefaultTokenProvider implements IProvider { | |||
| return $this->decryptPassword($password, $tokenId); | |||
| } | |||
| /** | |||
| * Encrypt and set the password of the given token | |||
| * | |||
| * @param IToken $token | |||
| * @param string $tokenId | |||
| * @param string $password | |||
| * @throws InvalidTokenException | |||
| */ | |||
| public function setPassword(IToken $token, $tokenId, $password) { | |||
| if (!($token instanceof DefaultToken)) { | |||
| throw new InvalidTokenException(); | |||
| } | |||
| /** @var DefaultToken $token */ | |||
| $token->setPassword($this->encryptPassword($password, $tokenId)); | |||
| $this->mapper->update($token); | |||
| } | |||
| /** | |||
| * Invalidate (delete) the given session token | |||
| * | |||
+ 10
- 0
lib/private/Authentication/Token/IProvider.php
Dosyayı Görüntüle
| @@ -99,4 +99,14 @@ interface IProvider { | |||
| * @return string | |||
| */ | |||
| public function getPassword(IToken $token, $tokenId); | |||
| /** | |||
| * Encrypt and set the password of the given token | |||
| * | |||
| * @param IToken $token | |||
| * @param string $tokenId | |||
| * @param string $password | |||
| * @throws InvalidTokenException | |||
| */ | |||
| public function setPassword(IToken $token, $tokenId, $password); | |||
| } | |||
+ 17
- 0
lib/private/User/Session.php
Dosyayı Görüntüle
| @@ -676,4 +676,21 @@ class Session implements IUserSession, Emitter { | |||
| setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); | |||
| } | |||
| /** | |||
| * Update password of the browser session token if there is one | |||
| * | |||
| * @param string $password | |||
| */ | |||
| public function updateSessionTokenPassword($password) { | |||
| try { | |||
| $sessionId = $this->session->getId(); | |||
| $token = $this->tokenProvider->getToken($sessionId); | |||
| $this->tokenProvider->setPassword($token, $sessionId, $password); | |||
| } catch (SessionNotAvailableException $ex) { | |||
| // Nothing to do | |||
| } catch (InvalidTokenException $ex) { | |||
| // Nothing to do | |||
| } | |||
| } | |||
| } | |||
+ 1
- 0
settings/ChangePassword/Controller.php
Dosyayı Görüntüle
| @@ -46,6 +46,7 @@ class Controller { | |||
| exit(); | |||
| } | |||
| if (!is_null($password) && \OC_User::setPassword($username, $password)) { | |||
| \OC::$server->getUserSession()->updateSessionTokenPassword($username, $password); | |||
| \OC_JSON::success(); | |||
| } else { | |||
| \OC_JSON::error(); | |||
+ 33
- 0
tests/lib/Authentication/Token/DefaultTokenProviderTest.php
Dosyayı Görüntüle
| @@ -175,6 +175,39 @@ class DefaultTokenProviderTest extends TestCase { | |||
| $tokenProvider->getPassword($tk, $token); | |||
| } | |||
| public function testSetPassword() { | |||
| $token = new DefaultToken(); | |||
| $tokenId = 'token123'; | |||
| $password = '123456'; | |||
| $this->config->expects($this->once()) | |||
| ->method('getSystemValue') | |||
| ->with('secret') | |||
| ->will($this->returnValue('ocsecret')); | |||
| $this->crypto->expects($this->once()) | |||
| ->method('encrypt') | |||
| ->with($password, $tokenId . 'ocsecret') | |||
| ->will($this->returnValue('encryptedpassword')); | |||
| $this->mapper->expects($this->once()) | |||
| ->method('update') | |||
| ->with($token); | |||
| $this->tokenProvider->setPassword($token, $tokenId, $password); | |||
| $this->assertEquals('encryptedpassword', $token->getPassword()); | |||
| } | |||
| /** | |||
| * @expectedException \OC\Authentication\Exceptions\InvalidTokenException | |||
| */ | |||
| public function testSetPasswordInvalidToken() { | |||
| $token = $this->getMock('\OC\Authentication\Token\IToken'); | |||
| $tokenId = 'token123'; | |||
| $password = '123456'; | |||
| $this->tokenProvider->setPassword($token, $tokenId, $password); | |||
| } | |||
| public function testInvalidateToken() { | |||
| $this->mapper->expects($this->once()) | |||
| ->method('invalidate') | |||
+ 65
- 0
tests/lib/User/SessionTest.php
Dosyayı Görüntüle
| @@ -818,4 +818,69 @@ class SessionTest extends \Test\TestCase { | |||
| $this->invokePrivate($userSession, 'validateSession', [$user]); | |||
| } | |||
| public function testUpdateSessionTokenPassword() { | |||
| $userManager = $this->getMock('\OCP\IUserManager'); | |||
| $session = $this->getMock('\OCP\ISession'); | |||
| $timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory'); | |||
| $tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider'); | |||
| $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config); | |||
| $password = '123456'; | |||
| $sessionId ='session1234'; | |||
| $token = new \OC\Authentication\Token\DefaultToken(); | |||
| $session->expects($this->once()) | |||
| ->method('getId') | |||
| ->will($this->returnValue($sessionId)); | |||
| $tokenProvider->expects($this->once()) | |||
| ->method('getToken') | |||
| ->with($sessionId) | |||
| ->will($this->returnValue($token)); | |||
| $tokenProvider->expects($this->once()) | |||
| ->method('setPassword') | |||
| ->with($token, $sessionId, $password); | |||
| $userSession->updateSessionTokenPassword($password); | |||
| } | |||
| public function testUpdateSessionTokenPasswordNoSessionAvailable() { | |||
| $userManager = $this->getMock('\OCP\IUserManager'); | |||
| $session = $this->getMock('\OCP\ISession'); | |||
| $timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory'); | |||
| $tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider'); | |||
| $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config); | |||
| $session->expects($this->once()) | |||
| ->method('getId') | |||
| ->will($this->throwException(new \OCP\Session\Exceptions\SessionNotAvailableException())); | |||
| $userSession->updateSessionTokenPassword('1234'); | |||
| } | |||
| public function testUpdateSessionTokenPasswordInvalidTokenException() { | |||
| $userManager = $this->getMock('\OCP\IUserManager'); | |||
| $session = $this->getMock('\OCP\ISession'); | |||
| $timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory'); | |||
| $tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider'); | |||
| $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config); | |||
| $password = '123456'; | |||
| $sessionId ='session1234'; | |||
| $token = new \OC\Authentication\Token\DefaultToken(); | |||
| $session->expects($this->once()) | |||
| ->method('getId') | |||
| ->will($this->returnValue($sessionId)); | |||
| $tokenProvider->expects($this->once()) | |||
| ->method('getToken') | |||
| ->with($sessionId) | |||
| ->will($this->returnValue($token)); | |||
| $tokenProvider->expects($this->once()) | |||
| ->method('setPassword') | |||
| ->with($token, $sessionId, $password) | |||
| ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException())); | |||
| $userSession->updateSessionTokenPassword($password); | |||
| } | |||
| } | |||
Loading…