diff options
| author | Côme Chilliet <91878298+come-nc@users.noreply.github.com> | 2023-04-20 16:52:38 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-20 16:52:38 +0200 |
| commit | b294edad804f40618a96116845615831302d0357 (patch) | |
| tree | 71023e0f6d2185d44a4a62200e5613efa8aee089 /lib/private/Authentication | |
| parent | 8d5165e8dc40289b5d523523c4140f780b2fe293 (diff) | |
| parent | 590c202797e6f5018635e45cdb2ed79ecd1c9865 (diff) | |
| download | nextcloud-server-b294edad804f40618a96116845615831302d0357.tar.gz nextcloud-server-b294edad804f40618a96116845615831302d0357.zip | |
Merge branch 'master' into enh/type-iconfig-getter-calls
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Diffstat (limited to 'lib/private/Authentication')
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 106 |
1 files changed, 55 insertions, 51 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 6e3bcec5c99..f5fcd4dcef2 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -327,18 +327,20 @@ class PublicKeyTokenProvider implements IProvider { throw new InvalidTokenException("Invalid token type"); } - // When changing passwords all temp tokens are deleted - $this->mapper->deleteTempToken($token); - - // Update the password for all tokens - $tokens = $this->mapper->getTokenByUser($token->getUID()); - $hashedPassword = $this->hashPassword($password); - foreach ($tokens as $t) { - $publicKey = $t->getPublicKey(); - $t->setPassword($this->encryptPassword($password, $publicKey)); - $t->setPasswordHash($hashedPassword); - $this->updateToken($t); - } + $this->atomic(function () use ($password, $token) { + // When changing passwords all temp tokens are deleted + $this->mapper->deleteTempToken($token); + + // Update the password for all tokens + $tokens = $this->mapper->getTokenByUser($token->getUID()); + $hashedPassword = $this->hashPassword($password); + foreach ($tokens as $t) { + $publicKey = $t->getPublicKey(); + $t->setPassword($this->encryptPassword($password, $publicKey)); + $t->setPasswordHash($hashedPassword); + $this->updateToken($t); + } + }, $this->db); } private function hashPassword(string $password): string { @@ -489,49 +491,51 @@ class PublicKeyTokenProvider implements IProvider { return; } - // Update the password for all tokens - $tokens = $this->mapper->getTokenByUser($uid); - $newPasswordHash = null; - - /** - * - true: The password hash could not be verified anymore - * and the token needs to be updated with the newly encrypted password - * - false: The hash could still be verified - * - missing: The hash needs to be verified - */ - $hashNeedsUpdate = []; - - foreach ($tokens as $t) { - if (!isset($hashNeedsUpdate[$t->getPasswordHash()])) { - if ($t->getPasswordHash() === null) { - $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true; - } elseif (!$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) { - $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true; - } else { - $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = false; + $this->atomic(function () use ($password, $uid) { + // Update the password for all tokens + $tokens = $this->mapper->getTokenByUser($uid); + $newPasswordHash = null; + + /** + * - true: The password hash could not be verified anymore + * and the token needs to be updated with the newly encrypted password + * - false: The hash could still be verified + * - missing: The hash needs to be verified + */ + $hashNeedsUpdate = []; + + foreach ($tokens as $t) { + if (!isset($hashNeedsUpdate[$t->getPasswordHash()])) { + if ($t->getPasswordHash() === null) { + $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true; + } elseif (!$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) { + $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true; + } else { + $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = false; + } } - } - $needsUpdating = $hashNeedsUpdate[$t->getPasswordHash() ?: ''] ?? true; - - if ($needsUpdating) { - if ($newPasswordHash === null) { - $newPasswordHash = $this->hashPassword($password); + $needsUpdating = $hashNeedsUpdate[$t->getPasswordHash() ?: ''] ?? true; + + if ($needsUpdating) { + if ($newPasswordHash === null) { + $newPasswordHash = $this->hashPassword($password); + } + + $publicKey = $t->getPublicKey(); + $t->setPassword($this->encryptPassword($password, $publicKey)); + $t->setPasswordHash($newPasswordHash); + $t->setPasswordInvalid(false); + $this->updateToken($t); } - - $publicKey = $t->getPublicKey(); - $t->setPassword($this->encryptPassword($password, $publicKey)); - $t->setPasswordHash($newPasswordHash); - $t->setPasswordInvalid(false); - $this->updateToken($t); } - } - // If password hashes are different we update them all to be equal so - // that the next execution only needs to verify once - if (count($hashNeedsUpdate) > 1) { - $newPasswordHash = $this->hashPassword($password); - $this->mapper->updateHashesForUser($uid, $newPasswordHash); - } + // If password hashes are different we update them all to be equal so + // that the next execution only needs to verify once + if (count($hashNeedsUpdate) > 1) { + $newPasswordHash = $this->hashPassword($password); + $this->mapper->updateHashesForUser($uid, $newPasswordHash); + } + }, $this->db); } private function logOpensslError() { |