summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2020-08-10 15:02:19 +0200
committerGitHub <noreply@github.com>2020-08-10 15:02:19 +0200
commitccb1675103b3de141a82ec63cfb996551f42769e (patch)
tree366e9b482d66b45e50bb0007a08f0cce982b2efd
parent17bb12234c9b1a66406b35e8fe4d200aa580ae19 (diff)
parentc19bdb05e8cf24317d6ea3a58951a4e0102b2e70 (diff)
downloadnextcloud-server-ccb1675103b3de141a82ec63cfb996551f42769e.tar.gz
nextcloud-server-ccb1675103b3de141a82ec63cfb996551f42769e.zip
Merge pull request #22159 from nextcloud/enh/22014/generate-passwords-policy
Generate password on addUser by password_policy app
-rw-r--r--apps/provisioning_api/lib/Controller/UsersController.php23
-rw-r--r--apps/provisioning_api/tests/Controller/UsersControllerTest.php51
2 files changed, 69 insertions, 5 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 6e8613085d0..570a02f780d 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -59,6 +59,8 @@ use OCP\IUserManager;
use OCP\IUserSession;
use OCP\L10N\IFactory;
use OCP\Security\ISecureRandom;
+use OCP\Security\Events\GenerateSecurePasswordEvent;
+use OCP\EventDispatcher\IEventDispatcher;
class UsersController extends AUserData {
@@ -76,6 +78,8 @@ class UsersController extends AUserData {
private $secureRandom;
/** @var RemoteWipe */
private $remoteWipe;
+ /** @var IEventDispatcher */
+ private $eventDispatcher;
public function __construct(string $appName,
IRequest $request,
@@ -90,7 +94,8 @@ class UsersController extends AUserData {
NewUserMailHelper $newUserMailHelper,
FederatedShareProviderFactory $federatedShareProviderFactory,
ISecureRandom $secureRandom,
- RemoteWipe $remoteWipe) {
+ RemoteWipe $remoteWipe,
+ IEventDispatcher $eventDispatcher) {
parent::__construct($appName,
$request,
$userManager,
@@ -107,6 +112,7 @@ class UsersController extends AUserData {
$this->federatedShareProviderFactory = $federatedShareProviderFactory;
$this->secureRandom = $secureRandom;
$this->remoteWipe = $remoteWipe;
+ $this->eventDispatcher = $eventDispatcher;
}
/**
@@ -286,9 +292,18 @@ class UsersController extends AUserData {
throw new OCSException('To send a password link to the user an email address is required.', 108);
}
- $password = $this->secureRandom->generate(10);
- // Make sure we pass the password_policy
- $password .= $this->secureRandom->generate(2, '$!.,;:-~+*[]{}()');
+ $passwordEvent = new GenerateSecurePasswordEvent();
+ $this->eventDispatcher->dispatchTyped($passwordEvent);
+
+ $password = $passwordEvent->getPassword();
+ if ($password === null) {
+ // Fallback: ensure to pass password_policy in any case
+ $password = $this->secureRandom->generate(10)
+ . $this->secureRandom->generate(1, ISecureRandom::CHAR_UPPER)
+ . $this->secureRandom->generate(1, ISecureRandom::CHAR_LOWER)
+ . $this->secureRandom->generate(1, ISecureRandom::CHAR_DIGITS)
+ . $this->secureRandom->generate(1, ISecureRandom::CHAR_SYMBOLS);
+ }
$generatePasswordResetToken = true;
}
diff --git a/apps/provisioning_api/tests/Controller/UsersControllerTest.php b/apps/provisioning_api/tests/Controller/UsersControllerTest.php
index 152a6526653..ceb84cbed4e 100644
--- a/apps/provisioning_api/tests/Controller/UsersControllerTest.php
+++ b/apps/provisioning_api/tests/Controller/UsersControllerTest.php
@@ -48,6 +48,7 @@ use OCA\Provisioning_API\FederatedShareProviderFactory;
use OCA\Settings\Mailer\NewUserMailHelper;
use OCP\App\IAppManager;
use OCP\AppFramework\Http\DataResponse;
+use OCP\EventDispatcher\IEventDispatcher;
use OCP\IConfig;
use OCP\IGroup;
use OCP\IL10N;
@@ -58,6 +59,7 @@ use OCP\IUserManager;
use OCP\IUserSession;
use OCP\L10N\IFactory;
use OCP\Mail\IEMailTemplate;
+use OCP\Security\Events\GenerateSecurePasswordEvent;
use OCP\Security\ISecureRandom;
use OCP\UserInterface;
use PHPUnit\Framework\MockObject\MockObject;
@@ -94,6 +96,8 @@ class UsersControllerTest extends TestCase {
private $secureRandom;
/** @var RemoteWipe|MockObject */
private $remoteWipe;
+ /** @var IEventDispatcher */
+ private $eventDispatcher;
protected function setUp(): void {
parent::setUp();
@@ -111,6 +115,7 @@ class UsersControllerTest extends TestCase {
$this->federatedShareProviderFactory = $this->createMock(FederatedShareProviderFactory::class);
$this->secureRandom = $this->createMock(ISecureRandom::class);
$this->remoteWipe = $this->createMock(RemoteWipe::class);
+ $this->eventDispatcher = $this->createMock(IEventDispatcher::class);
$this->api = $this->getMockBuilder(UsersController::class)
->setConstructorArgs([
@@ -128,6 +133,7 @@ class UsersControllerTest extends TestCase {
$this->federatedShareProviderFactory,
$this->secureRandom,
$this->remoteWipe,
+ $this->eventDispatcher,
])
->setMethods(['fillStorageInfo'])
->getMock();
@@ -389,7 +395,8 @@ class UsersControllerTest extends TestCase {
$this->newUserMailHelper,
$this->federatedShareProviderFactory,
$this->secureRandom,
- $this->remoteWipe
+ $this->remoteWipe,
+ $this->eventDispatcher,
])
->setMethods(['editUser'])
->getMock();
@@ -486,6 +493,46 @@ class UsersControllerTest extends TestCase {
));
}
+ public function testAddUserSuccessfulGeneratePassword() {
+ $this->userManager
+ ->expects($this->once())
+ ->method('userExists')
+ ->with('NewUser')
+ ->willReturn(false);
+ $this->userManager
+ ->expects($this->once())
+ ->method('createUser');
+ $this->logger
+ ->expects($this->once())
+ ->method('info')
+ ->with('Successful addUser call with userid: NewUser', ['app' => 'ocs_api']);
+ $loggedInUser = $this->getMockBuilder(IUser::class)
+ ->disableOriginalConstructor()
+ ->getMock();
+ $loggedInUser
+ ->expects($this->once())
+ ->method('getUID')
+ ->willReturn('adminUser');
+ $this->userSession
+ ->expects($this->once())
+ ->method('getUser')
+ ->willReturn($loggedInUser);
+ $this->groupManager
+ ->expects($this->once())
+ ->method('isAdmin')
+ ->with('adminUser')
+ ->willReturn(true);
+ $this->eventDispatcher
+ ->expects($this->once())
+ ->method('dispatchTyped')
+ ->with(new GenerateSecurePasswordEvent());
+
+ $this->assertTrue(key_exists(
+ 'id',
+ $this->api->addUser('NewUser', '', '', 'foo@bar')->getData()
+ ));
+ }
+
public function testAddUserFailedToGenerateUserID() {
$this->expectException(\OCP\AppFramework\OCS\OCSException::class);
@@ -3126,6 +3173,7 @@ class UsersControllerTest extends TestCase {
$this->federatedShareProviderFactory,
$this->secureRandom,
$this->remoteWipe,
+ $this->eventDispatcher,
])
->setMethods(['getUserData'])
->getMock();
@@ -3190,6 +3238,7 @@ class UsersControllerTest extends TestCase {
$this->federatedShareProviderFactory,
$this->secureRandom,
$this->remoteWipe,
+ $this->eventDispatcher,
])
->setMethods(['getUserData'])
->getMock();