author | Lukas Reschke <lukas@owncloud.com> | 2016-02-10 14:41:47 +0100
---|---|---
committer | Lukas Reschke <lukas@owncloud.com> | 2016-02-10 16:31:11 +0100
commit | 5680743c2b19daf561729d4a78978600150a0553 (patch) |
tree | 282ab57d336faa5d3112097fd8e78b2df0d64195 /apps/updatenotification/tests |
parent | 5c89cf9565d4c08984af10d39cc4aff0a6cac147 (diff) |
download | nextcloud-server-5680743c2b19daf561729d4a78978600150a0553.tar.gz nextcloud-server-5680743c2b19daf561729d4a78978600150a0553.zip |
Harden updater authentication
- Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453
- Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to brute-force it. In the future we can evaluate also an HMAC including the IP. That's a bit trickier though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)
Diffstat (limited to 'apps/updatenotification/tests')
-rw-r--r-- | apps/updatenotification/tests/controller/AdminControllerTest.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/updatenotification/tests/controller/AdminControllerTest.php b/apps/updatenotification/tests/controller/AdminControllerTest.php index 01801626000..5a0f9d21469 100644 --- a/apps/updatenotification/tests/controller/AdminControllerTest.php +++ b/apps/updatenotification/tests/controller/AdminControllerTest.php @@ -77,12 +77,12 @@ class AdminControllerTest extends TestCase { $this->secureRandom ->expects($this->once()) ->method('generate') - ->with(32) + ->with(64) ->willReturn('MyGeneratedToken'); $this->config ->expects($this->once()) ->method('setSystemValue') - ->with('updater.secret', 'MyGeneratedToken'); + ->with('updater.secret'); $this->timeFactory ->expects($this->once()) ->method('getTime') |
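Review bot: the relaxed expectation `->with('updater.secret')` on the `setSystemValue` mock no longer constrains the value written to config, so a regression that stores `'MyGeneratedToken'` in plaintext would still pass this test; since the commit message says the secret is now stored BCrypt-hashed, keep a constraint on the second argument instead, e.g. `->with('updater.secret', $this->callback(function ($hash) { return password_verify('MyGeneratedToken', $hash); }))`. The `->with(64)` change on `generate` is consistent with a longer token, but a short comment tying the length to the hashing change would help, since bcrypt only uses the first 72 bytes of its input and a future increase past that would silently truncate the secret.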