authorJohn Molakvoæ <skjnldsv@users.noreply.github.com>2021-09-14 09:50:22 +0200
committerGitHub <noreply@github.com>2021-09-14 09:50:22 +0200
commita994ef0c4fae63b40cc0bb4ace2766b75a22ff0b (patch)
treeb520161c350c2cb5d11dcf44ed8f6e6fe86271b0
parent58891a965537bc2865cf710c2c33655124b12940 (diff)
parent6857136f06190acad26a4dfc541c9c688aa75014 (diff)
Merge pull request #28792 from nextcloud/fix/noid/lost-password-missing-prefix
fixes missing prefix to validate password reset token
-rw-r--r--core/Controller/LostController.php3
-rw-r--r--tests/Core/Controller/LostControllerTest.php7
2 files changed, 7 insertions, 3 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index cee3837ac5a..a8c459a32e1 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -172,7 +172,8 @@ class LostController extends Controller {
*/
protected function checkPasswordResetToken(string $token, string $userId): void {
try {
- $this->verificationToken->check($token, $this->userManager->get($userId), 'lostpassword', '', true);
+ $user = $this->userManager->get($userId);
+ $this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true);
} catch (InvalidTokenException $e) {
$error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED
? $this->l10n->t('Could not reset password because the token is expired')
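Review bot: On the added `check()` line, `$user->getEMailAddress()` is passed straight through as the token prefix, and as far as I know `IUser::getEMailAddress()` is nullable for accounts with no address set. If the prefix parameter of `check()` is declared `string`, that null raises a `TypeError`, which the `catch (InvalidTokenException $e)` below does not handle, so the reset form would end in a server error rather than the invalid-token message. Coalescing keeps the failure on the handled path: `$user ? ($user->getEMailAddress() ?? '') : ''`. A one-line comment saying that the e-mail address is the prefix the token was presumably bound to when it was issued (so a token stops validating once the address changes) would help the next reader. The body of `checkPasswordResetToken` continues outside the hunk.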
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index a9dd4c1797b..e860c808014 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -153,7 +153,7 @@ class LostControllerTest extends \Test\TestCase {
->willReturn($this->existingUser);
$this->verificationToken->expects($this->once())
->method('check')
- ->with('12345:MySecretToken', $this->existingUser, 'lostpassword')
+ ->with('12345:MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com')
->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR));
$response = $this->lostController->resetform('12345:MySecretToken', 'ValidTokenUser');
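Review bot: The updated `->with(...)` expectation pins four arguments, but the controller now passes five, and PHPUnit does not check actual arguments beyond the constraints given. The trailing `true` (the expire-with-login flag, judging by its position) is therefore not asserted. Adding it, as in `->with('12345:MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com', true)`, would make a regression that drops the flag fail the test. The same applies to the expectation in the next hunk (`'MySecretToken'`). Neither hunk covers a user whose `getEMailAddress()` returns null.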
@@ -174,7 +174,7 @@ class LostControllerTest extends \Test\TestCase {
->willReturn($this->existingUser);
$this->verificationToken->expects($this->once())
->method('check')
- ->with('MySecretToken', $this->existingUser, 'lostpassword');
+ ->with('MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com');
$response = $this->lostController->resetform('MySecretToken', 'ValidTokenUser');
$expectedResponse = new TemplateResponse('core',
@@ -513,6 +513,9 @@ class LostControllerTest extends \Test\TestCase {
->willReturn(false);
$user->expects($this->never())
->method('setPassword');
+ $user->expects($this->any())
+ ->method('getEMailAddress')
+ ->willReturn('random@example.org');
$this->config->method('getUserValue')
->with('ValidTokenUser', 'core', 'lostpassword', null)