authorblizzz <blizzz@arthur-schiwon.de>2019-08-21 12:31:12 +0200
committerGitHub <noreply@github.com>2019-08-21 12:31:12 +0200
commit6d20876eb2aae5cb2269c7551e7a4f43e7a31222 (patch)
tree874fc4837b6bb425add34b154ad5ee03a782764f
parentdd02920aedc63e89c8c8cf2e2c41344954bac08c (diff)
parent9c4c5ee8187f169d4d915b9bc84988cca2f6619d (diff)
Merge pull request #16782 from nextcloud/fix/16729/stop-if-encrypted-token-null
Stop if there is no encrypted token
-rw-r--r--core/Controller/LostController.php6
-rw-r--r--tests/Core/Controller/LostControllerTest.php18
2 files changed, 22 insertions, 2 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index dcdafaa408c..49f015d511d 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -194,8 +194,12 @@ class LostController extends Controller {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
+ $encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
+ if ($encryptedToken === null) {
+ throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+ }
+
try {
- $encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
} catch (\Exception $e) {
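Review bot: The new null guard above the `try` has no comment explaining why it sits outside the try/catch, and the reason is not obvious from the code: the `catch (\Exception $e)` below only handles exceptions, so a null ciphertext that made `decrypt()` raise a PHP `\Error` (a TypeError, for instance) would presumably escape it. I would add `// No reset token is stored for this user; fail here so decrypt() never receives null.` above the `if`. Reusing the exact "token is invalid" message is a good choice, because the response then does not reveal whether a reset was ever requested for the account. The strict `=== null` test still lets an empty string through to `decrypt()`; if the config backend can return `''` for this key, `if ($encryptedToken === null || $encryptedToken === '') {` would cover it. The enclosing method starts and ends outside the hunk.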
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index b7ab99e991f..60b96a39081 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase {
$this->assertSame($expectedResponse, $response);
}
+ public function testIsSetPasswordTokenNullFailing() {
+ $this->config->method('getUserValue')
+ ->with('ValidTokenUser', 'core', 'lostpassword', null)
+ ->willReturn(null);
+ $this->userManager->method('get')
+ ->with('ValidTokenUser')
+ ->willReturn($this->existingUser);
+
+ $response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
+ $expectedResponse = [
+ 'status' => 'error',
+ 'msg' => 'Couldn\'t reset password because the token is invalid'
+ ];
+ $this->assertSame($expectedResponse, $response);
+ }
+
public function testSetPasswordForDisabledUser() {
$user = $this->createMock(IUser::class);
$user->expects($this->any())
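Review bot: `testIsSetPasswordTokenNullFailing` asserts only the error response, so it does not show that the controller stops before decryption; depending on how the crypto mock behaves, it might also pass without the new guard. If the test class keeps the crypto mock in a property (assumed here to be `$this->crypto`, which the hunk does not show), adding `$this->crypto->expects($this->never())->method('decrypt');` before the `setPassword` call would pin the behaviour this commit is about. The method name would also read more clearly as `testSetPasswordTokenNullFailing`.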
@@ -712,7 +728,7 @@ class LostControllerTest extends \Test\TestCase {
->willReturn('encryptedData');
$this->userManager->method('get')
->with('DisabledUser')
- ->willReturn($this->existingUser);
+ ->willReturn($user);
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
$expectedResponse = [