author | Morris Jobke <hey@morrisjobke.de> | 2015-04-29 10:44:25 +0200 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2015-04-29 10:44:25 +0200 |
commit | 7df7a3b3602cd3a733c79255cee95ce324f729fa (patch) | |
tree | 9ed5cd1811db2340963c5587b2f6f5fbd715429f | |
parent | 6ebb021359007b2c138c5dc4f9a7b2d3cb783948 (diff) | |
parent | 02269b6464844696f4d33067f04640953dd6ec32 (diff) | |
Merge pull request #15906 from rullzer/fix_15777
Password set via OCS API should not be double escaped
-rw-r--r-- | lib/private/share/share.php | 2 | ||||
-rw-r--r-- | tests/lib/share/share.php | 46 |
2 files changed, 47 insertions, 1 deletions
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 617eeeb9d90..0991fa0f38a 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -1220,7 +1220,7 @@ class Share extends Constants {
 $qb->update('`*PREFIX*share`')
 ->set('`share_with`', ':pass')
 ->where('`id` = :shareId')
- ->setParameter(':pass', is_null($password) ? 'NULL' : $qb->expr()->literal(\OC::$server->getHasher()->hash($password)))
+ ->setParameter(':pass', is_null($password) ? 'NULL' : \OC::$server->getHasher()->hash($password))
 ->setParameter(':shareId', $shareId);
 $qb->execute();
diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php
index 124ad450e2e..cda895a437d 100644
--- a/tests/lib/share/share.php
+++ b/tests/lib/share/share.php
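Review bot: The null branch of the `:pass` parameter still binds the four-character string `'NULL'`, so clearing a link password writes that text into `share_with` instead of a database NULL; with the `literal()` wrapper gone, both branches are plain bound values. Any reader of this column that treats a non-empty `share_with` as "password set" would presumably keep the share locked behind a value no password can verify against, which should be confirmed against the callers. Binding PHP `null` avoids this: `->setParameter(':pass', is_null($password) ? null : \OC::$server->getHasher()->hash($password))`. The enclosing method starts and ends outside this hunk.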
@@ -1158,6 +1158,52 @@ class Test_Share extends \Test\TestCase {
 \OC\Share\Share::setPassword($userSession, $connection, $config, 1, 'pass');
 }
+ public function testPasswords() {
+ $pass = 'secret';
+
+ $this->shareUserTestFileAsLink();
+
+ $userSession = \OC::$server->getUserSession();
+ $connection = \OC::$server->getDatabaseConnection();
+ $config = $this->getMockBuilder('\OCP\IConfig')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ // Find the share ID in the db
+ $qb = $connection->createQueryBuilder();
+ $qb->select('`id`')
+ ->from('`*PREFIX*share`')
+ ->where('`item_type` = :type')
+ ->andWhere('`item_source` = :source')
+ ->andWhere('`uid_owner` = :owner')
+ ->andWhere('`share_type` = :share_type')
+ ->setParameter('type', 'test')
+ ->setParameter('source', 'test.txt')
+ ->setParameter('owner', $this->user1)
+ ->setParameter('share_type', \OCP\Share::SHARE_TYPE_LINK);
+
+ $res = $qb->execute()->fetchAll();
+ $this->assertCount(1, $res);
+ $id = $res[0]['id'];
+
+ // Set password on share
+ $res = \OC\Share\Share::setPassword($userSession, $connection, $config, $id, $pass);
+ $this->assertTrue($res);
+
+ // Fetch the hash from the database
+ $qb = $connection->createQueryBuilder();
+ $qb->select('`share_with`')
+ ->from('`*PREFIX*share`')
+ ->where('`id` = :id')
+ ->setParameter('id', $id);
+ $hash = $qb->execute()->fetch()['share_with'];
+
+ $hasher = \OC::$server->getHasher();
+
+ // Verify hash
+ $this->assertTrue($hasher->verify($pass, $hash));
+ }
+
 /**
 * Test setting a password when everything is fine
 */ |
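Review bot: testPasswords exercises only the path where a password is set; the `is_null($password)` branch of `setPassword` is never reached, so the value left in `share_with` when a password is removed goes unchecked. After the `verify` assertion, call `\OC\Share\Share::setPassword($userSession, $connection, $config, $id, null)`, re-read `share_with` with the same query, and finish with `$this->assertNull($hash);`. Whether the mocked `IConfig` lets a null password through (no enforced-password setting) is not visible in this hunk and should be confirmed.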