author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-05-26 21:18:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-26 21:18:57 +0200 |
commit | 9bb07d3fbd5824034ff66b76dee5c47b15b3ff57 (patch) | |
tree | 2455ed0a554cc892fa52fbe9d4596e5431fcf2c6 | |
parent | 69e2aa029b70539ce7739114a978797c170e4d5c (diff) | |
parent | 653162a70952be9c4bcdf9fb01df3b3f14031a20 (diff) | |
Merge pull request #21106 from nextcloud/fix/10809/user-pwd-change-loginname
use the loginname to verify the old password in user password changes
-rw-r--r-- | apps/settings/lib/Controller/ChangePasswordController.php | 3 | ||||
-rw-r--r-- | tests/Core/Controller/ChangePasswordControllerTest.php | 32 |
2 files changed, 29 insertions, 6 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index 439731b22eb..e6567bf9043 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -89,8 +89,9 @@ class ChangePasswordController extends Controller { * @BruteForceProtection(action=changePersonalPassword) */ public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { + $loginName = $this->userSession->getLoginName(); /** @var IUser $user */ - $user = $this->userManager->checkPassword($this->userId, $oldpassword); + $user = $this->userManager->checkPassword($loginName, $oldpassword); if ($user === false) { $response = new JSONResponse([ 'status' => 'error', diff --git a/tests/Core/Controller/ChangePasswordControllerTest.php b/tests/Core/Controller/ChangePasswordControllerTest.php index 175628552bc..21a80b61063 100644 --- a/tests/Core/Controller/ChangePasswordControllerTest.php +++ b/tests/Core/Controller/ChangePasswordControllerTest.php @@ -36,6 +36,8 @@ use OCP\IUserManager; class ChangePasswordControllerTest extends \Test\TestCase { /** @var string */ private $userId = 'currentUser'; + /** @var string */ + private $loginName = 'ua1337'; /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */ private $userManager; /** @var Session|\PHPUnit_Framework_MockObject_MockObject */ @@ -75,9 +77,13 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordWrongPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn(false); $expects = new JSONResponse([ 
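Review bot: The user returned by `checkPassword($loginName, $oldpassword)` is never compared with the session's `$this->userId`, so the old-password proof is tied to whichever account the stored login name resolves to, not explicitly to the account being changed. Both values come from the session and should agree, but a cheap guard makes the binding explicit: `if ($user === false || $user->getUID() !== $this->userId) {`. If `getLoginName()` can return null for some session types (not visible here), decide that case before the call, for example `$loginName = $this->userSession->getLoginName() ?? $this->userId;`. The rest of `changePersonalPassword` lies outside the hunk, so how `$user` is used afterwards should be confirmed against the full method.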
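Review bot: None of the updated tests covers a session without a login name, or a `checkPassword` result whose UID differs from `$this->userId`; every case stubs `getLoginName` with the same non-empty value. A test in which `getLoginName` returns `null` and the controller is expected to answer with the error response would pin the fail-closed behaviour of the password check. The three-line `getLoginName` expectation is also repeated verbatim in the hunks at -93, -116, -132 and -152; moving it to `setUp()` as `$this->userSession->method('getLoginName')->willReturn($this->loginName);` would keep each test focused on its own expectations. `setUp()` itself is outside the hunks shown.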
@@ -93,10 +99,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordCommonPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $user->expects($this->once()) @@ -116,10 +126,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordNoNewPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $expects = [ @@ -132,10 +146,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordCantSetPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $user->expects($this->once()) @@ -152,10 +170,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $user->expects($this->once()) |