author | blizzz <blizzz@arthur-schiwon.de> | 2020-04-16 11:53:24 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-16 11:53:24 +0200 |
commit | d55f4183b568aa46daacd266e842bb458ea8ce9d (patch) | |
tree | 70e08388ddebbcb4c7049440488f5f6faa6a8789 | |
parent | 8971403ada3da110dc0835853e83f231103b11d9 (diff) | |
parent | 5437844b7ec24d6011e8f1e4a0df5f727d259ea5 (diff) | |
Merge pull request #20505 from nextcloud/fix/noid/system-creds
do not advertise nulled userId for systemwide credentials
-rw-r--r-- | lib/private/Security/CredentialsManager.php | 12 | ||||
-rw-r--r-- | lib/public/Security/ICredentialsManager.php | 6 | ||||
-rw-r--r-- | tests/lib/Security/CredentialsManagerTest.php | 33 |
3 files changed, 42 insertions, 9 deletions
diff --git a/lib/private/Security/CredentialsManager.php b/lib/private/Security/CredentialsManager.php
index 770919dacd7..d187acdf02b 100644
--- a/lib/private/Security/CredentialsManager.php
+++ b/lib/private/Security/CredentialsManager.php
@@ -53,7 +53,7 @@ class CredentialsManager implements ICredentialsManager {
 /**
 * Store a set of credentials
 *
- * @param string|null $userId Null for system-wide credentials
+ * @param string $userId empty string for system-wide credentials
 * @param string $identifier
 * @param mixed $credentials
 */
@@ -61,7 +61,7 @@ class CredentialsManager implements ICredentialsManager {
 $value = $this->crypto->encrypt(json_encode($credentials));
 $this->dbConnection->setValues(self::DB_TABLE, [
- 'user' => $userId,
+ 'user' => (string)$userId,
 'identifier' => $identifier,
 ], [
 'credentials' => $value,
@@ -71,7 +71,7 @@ class CredentialsManager implements ICredentialsManager {
 /**
 * Retrieve a set of credentials
 *
- * @param string|null $userId Null for system-wide credentials
+ * @param string $userId empty string for system-wide credentials
 * @param string $identifier
 * @return mixed
 */
@@ -79,7 +79,7 @@ class CredentialsManager implements ICredentialsManager {
 $qb = $this->dbConnection->getQueryBuilder();
 $qb->select('credentials')
 ->from(self::DB_TABLE)
- ->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
+ ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
 ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
 ;
 $result = $qb->execute()->fetch();
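Review bot: The `(string)$userId` casts in store() (`'user' => (string)$userId`) and in the `where()` of the retrieve query turn a null or false user id into `''`, which the updated docblock defines as the system-wide scope, so a caller that passes an unresolved user id by mistake now reads or overwrites the system-wide entry without any error. The same cast is applied in delete() in the following hunk, where the effect would be removal of the system-wide row. Since the docblock now asks for a string, the cast deserves a comment at each site, e.g. `// legacy callers may still pass null for system-wide credentials`, and values that are neither null nor a string could be rejected instead of coerced, e.g. `if ($userId !== null && !is_string($userId)) { throw new \InvalidArgumentException('userId must be a string'); }`. The bodies of store() and retrieve() extend beyond these hunks, so any handling that happens elsewhere in them is not visible here.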
@@ -95,14 +95,14 @@ class CredentialsManager implements ICredentialsManager {
 /**
 * Delete a set of credentials
 *
- * @param string|null $userId Null for system-wide credentials
+ * @param string $userId empty string for system-wide credentials
 * @param string $identifier
 * @return int rows removed
 */
 public function delete($userId, $identifier) {
 $qb = $this->dbConnection->getQueryBuilder();
 $qb->delete(self::DB_TABLE)
- ->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
+ ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
 ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
 ;
 return $qb->execute();
diff --git a/lib/public/Security/ICredentialsManager.php b/lib/public/Security/ICredentialsManager.php
index b1daad30c9f..0b34d9a28ca 100644
--- a/lib/public/Security/ICredentialsManager.php
+++ b/lib/public/Security/ICredentialsManager.php
@@ -33,7 +33,7 @@ interface ICredentialsManager {
 /**
 * Store a set of credentials
 *
- * @param string|null $userId Null for system-wide credentials
+ * @param string $userId empty string for system-wide credentials
 * @param string $identifier
 * @param mixed $credentials
 * @since 8.2.0
@@ -43,7 +43,7 @@ interface ICredentialsManager {
 /**
 * Retrieve a set of credentials
 *
- * @param string|null $userId Null for system-wide credentials
+ * @param string $userId empty string for system-wide credentials
 * @param string $identifier
 * @return mixed
 * @since 8.2.0
@@ -53,7 +53,7 @@ interface ICredentialsManager {
 /**
 * Delete a set of credentials
 *
- * @param string|null $userId Null for system-wide credentials
+ * @param string $userId empty string for system-wide credentials
 * @param string $identifier
 * @return int rows removed
 * @since 8.2.0
diff --git a/tests/lib/Security/CredentialsManagerTest.php b/tests/lib/Security/CredentialsManagerTest.php
index 8b58542f8c3..9c1a0cb9291 100644
--- a/tests/lib/Security/CredentialsManagerTest.php
+++ b/tests/lib/Security/CredentialsManagerTest.php
@@ -27,6 +27,9 @@ use OCP\IDBConnection;
 use OCP\ILogger;
 use OCP\Security\ICrypto;
+/**
+ * @group DB
+ */
 class CredentialsManagerTest extends \Test\TestCase {
 /** @var ICrypto */
@@ -106,4 +109,34 @@ class CredentialsManagerTest extends \Test\TestCase {
 $this->manager->retrieve($userId, $identifier);
 }
+
+ /**
+ * @dataProvider credentialsProvider
+ */
+ public function testWithDB($userId, $identifier) {
+ $credentialsManager = \OC::$server->getCredentialsManager();
+
+ $secrets = 'Open Sesame';
+
+ $credentialsManager->store($userId, $identifier, $secrets);
+ $received = $credentialsManager->retrieve($userId, $identifier);
+
+ $this->assertSame($secrets, $received);
+
+ $removedRows = $credentialsManager->delete($userId, $identifier);
+ $this->assertSame(1, $removedRows);
+ }
+
+ public function credentialsProvider() {
+ return [
+ [
+ 'alice',
+ 'privateCredentials'
+ ],
+ [
+ '',
+ 'systemCredentials',
+ ],
+ ];
+ }
 } |
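Review bot: testWithDB() removes the stored row only in its last two statements, so a failing `assertSame($secrets, $received)` leaves the credentials row behind in the test database; moving the `delete()` call into a `finally` block or into tearDown() would keep the table clean on failure. credentialsProvider() also covers only `'alice'` and `''`, while the `(string)` casts added in CredentialsManager exist for callers that still pass null. A third dataset such as `[null, 'legacySystemCredentials']` would pin that backwards-compatible path. The test class body continues outside this hunk.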