author | Julius Knorr <jus@bitgrid.net> | 2025-03-07 16:49:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-03-07 16:49:18 +0100 |
commit | bb6b4626908b00faf4c0a37417b0a22fb76a7ab2 (patch) | |
tree | dc91fdc9084944b5aea49699137d57b5654a3dae | |
parent | 49e52c1779ac4bf1f632b78a8328e8e6401bd98f (diff) | |
parent | 777cd941dc1bf7009bbb8465afd907c75b4d2d7b (diff) | |
Merge pull request #51130 from nextcloud/fix/credential-passwordless-auth
fix: Do not build encrypted password if there is none
-rw-r--r-- | lib/private/Authentication/LoginCredentials/Store.php | 14 | ||||
-rw-r--r-- | tests/lib/Authentication/LoginCredentials/StoreTest.php | 40 |
2 files changed, 49 insertions, 5 deletions
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index b6f22ce345f..67c5712715c 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -50,7 +50,9 @@ class Store implements IStore {
 * @param array $params
 */
 public function authenticate(array $params) {
- $params['password'] = $this->crypto->encrypt((string)$params['password']);
+ if ($params['password'] !== null) {
+ $params['password'] = $this->crypto->encrypt((string)$params['password']);
+ }
 $this->session->set('login_credentials', json_encode($params));
 }
@@ -97,10 +99,12 @@ class Store implements IStore {
 if ($trySession && $this->session->exists('login_credentials')) {
 /** @var array $creds */
 $creds = json_decode($this->session->get('login_credentials'), true);
- try {
- $creds['password'] = $this->crypto->decrypt($creds['password']);
- } catch (Exception $e) {
- //decryption failed, continue with old password as it is
+ if ($creds['password'] !== null) {
+ try {
+ $creds['password'] = $this->crypto->decrypt($creds['password']);
+ } catch (Exception $e) {
+ //decryption failed, continue with old password as it is
+ }
 }
 return new Credentials(
 $creds['uid'],
diff --git a/tests/lib/Authentication/LoginCredentials/StoreTest.php b/tests/lib/Authentication/LoginCredentials/StoreTest.php
index c58bb09faaa..072ec2ab571 100644
--- a/tests/lib/Authentication/LoginCredentials/StoreTest.php
+++ b/tests/lib/Authentication/LoginCredentials/StoreTest.php
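Review bot: The new guard in authenticate() reads `$params['password']` directly, so a hook payload that lacks the key still raises an undefined-key notice or warning before encryption is skipped; `if (isset($params['password'])) {` treats a missing key and an explicit null alike without the warning. The guard on `$creds['password']` in the second hunk of this file has the same shape, and there `$creds` is whatever json_decode() returned from the session, so the same `isset()` form fits. The docblock above authenticate() starts outside the hunk; it would help to state there that `password` is null for passwordless logins and is then stored as JSON null rather than ciphertext.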
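Review bot: Sessions written before this change still hold an encrypted empty string for passwordless logins, because the removed line in authenticate() cast null to `''` before encrypting, so the decrypt branch here returns `''` for them while new sessions return null. Callers that use the returned password to detect "no password" should accept both values until old sessions expire, or the value could be normalised after the try block with `if ($creds['password'] === '') { $creds['password'] = null; }`, once it is confirmed that an empty password is never legitimate. Separately, the catch block passes the undecrypted session value on as the password without leaving any trace; the comment would be clearer as `// Decryption failed: keep the stored value unchanged and never log it`, and a log line that records only the exception class would make tampered or stale session data visible. The enclosing method starts and ends outside the hunk.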
@@ -253,4 +253,44 @@ class StoreTest extends TestCase {
 $this->store->getLoginCredentials();
 }
+
+ public function testAuthenticatePasswordlessToken(): void {
+ $user = 'user987';
+ $password = null;
+
+ $params = [
+ 'run' => true,
+ 'loginName' => $user,
+ 'uid' => $user,
+ 'password' => $password,
+ ];
+
+ $this->session->expects($this->once())
+ ->method('set')
+ ->with($this->equalTo('login_credentials'), $this->equalTo(json_encode($params)));
+
+
+ $this->session->expects($this->once())
+ ->method('getId')
+ ->willReturn('sess2233');
+ $this->tokenProvider->expects($this->once())
+ ->method('getToken')
+ ->with('sess2233')
+ ->will($this->throwException(new PasswordlessTokenException()));
+
+ $this->session->expects($this->once())
+ ->method('exists')
+ ->with($this->equalTo('login_credentials'))
+ ->willReturn(true);
+ $this->session->expects($this->once())
+ ->method('get')
+ ->with($this->equalTo('login_credentials'))
+ ->willReturn(json_encode($params));
+
+ $this->store->authenticate($params);
+ $actual = $this->store->getLoginCredentials();
+
+ $expected = new Credentials($user, $user, $password);
+ $this->assertEquals($expected, $actual);
+ }
 } |