authorCôme Chilliet <91878298+come-nc@users.noreply.github.com>2023-04-20 16:52:38 +0200
committerGitHub <noreply@github.com>2023-04-20 16:52:38 +0200
commitb294edad804f40618a96116845615831302d0357 (patch)
tree71023e0f6d2185d44a4a62200e5613efa8aee089 /lib/private/Authentication
parent8d5165e8dc40289b5d523523c4140f780b2fe293 (diff)
parent590c202797e6f5018635e45cdb2ed79ecd1c9865 (diff)
downloadnextcloud-server-b294edad804f40618a96116845615831302d0357.tar.gz
nextcloud-server-b294edad804f40618a96116845615831302d0357.zip
Merge branch 'master' into enh/type-iconfig-getter-calls
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Diffstat (limited to 'lib/private/Authentication')
-rw-r--r--lib/private/Authentication/Token/PublicKeyTokenProvider.php106
1 files changed, 55 insertions, 51 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 6e3bcec5c99..f5fcd4dcef2 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -327,18 +327,20 @@ class PublicKeyTokenProvider implements IProvider {
throw new InvalidTokenException("Invalid token type");
}
- // When changing passwords all temp tokens are deleted
- $this->mapper->deleteTempToken($token);
-
- // Update the password for all tokens
- $tokens = $this->mapper->getTokenByUser($token->getUID());
- $hashedPassword = $this->hashPassword($password);
- foreach ($tokens as $t) {
- $publicKey = $t->getPublicKey();
- $t->setPassword($this->encryptPassword($password, $publicKey));
- $t->setPasswordHash($hashedPassword);
- $this->updateToken($t);
- }
+ $this->atomic(function () use ($password, $token) {
+ // When changing passwords all temp tokens are deleted
+ $this->mapper->deleteTempToken($token);
+
+ // Update the password for all tokens
+ $tokens = $this->mapper->getTokenByUser($token->getUID());
+ $hashedPassword = $this->hashPassword($password);
+ foreach ($tokens as $t) {
+ $publicKey = $t->getPublicKey();
+ $t->setPassword($this->encryptPassword($password, $publicKey));
+ $t->setPasswordHash($hashedPassword);
+ $this->updateToken($t);
+ }
+ }, $this->db);
}
private function hashPassword(string $password): string {
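Review bot: `hashPassword($password)` now runs inside the `atomic()` closure, so the database transaction stays open while the hash is computed, although the hash depends on nothing read inside the transaction. The body of hashPassword is outside this hunk, but if it is a deliberately slow password hash, compute it first: move `$hashedPassword = $this->hashPassword($password);` above `$this->atomic(` and capture it with `use ($password, $token, $hashedPassword)`. The second hunk has the same pattern, where the final `count($hashNeedsUpdate) > 1` branch hashes again inside the transaction; `$newPasswordHash ??= $this->hashPassword($password);` would reuse a hash already produced in the loop. The enclosing method starts above the hunk.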
@@ -489,49 +491,51 @@ class PublicKeyTokenProvider implements IProvider {
return;
}
- // Update the password for all tokens
- $tokens = $this->mapper->getTokenByUser($uid);
- $newPasswordHash = null;
-
- /**
- * - true: The password hash could not be verified anymore
- * and the token needs to be updated with the newly encrypted password
- * - false: The hash could still be verified
- * - missing: The hash needs to be verified
- */
- $hashNeedsUpdate = [];
-
- foreach ($tokens as $t) {
- if (!isset($hashNeedsUpdate[$t->getPasswordHash()])) {
- if ($t->getPasswordHash() === null) {
- $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true;
- } elseif (!$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
- $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true;
- } else {
- $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = false;
+ $this->atomic(function () use ($password, $uid) {
+ // Update the password for all tokens
+ $tokens = $this->mapper->getTokenByUser($uid);
+ $newPasswordHash = null;
+
+ /**
+ * - true: The password hash could not be verified anymore
+ * and the token needs to be updated with the newly encrypted password
+ * - false: The hash could still be verified
+ * - missing: The hash needs to be verified
+ */
+ $hashNeedsUpdate = [];
+
+ foreach ($tokens as $t) {
+ if (!isset($hashNeedsUpdate[$t->getPasswordHash()])) {
+ if ($t->getPasswordHash() === null) {
+ $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true;
+ } elseif (!$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
+ $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true;
+ } else {
+ $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = false;
+ }
}
- }
- $needsUpdating = $hashNeedsUpdate[$t->getPasswordHash() ?: ''] ?? true;
-
- if ($needsUpdating) {
- if ($newPasswordHash === null) {
- $newPasswordHash = $this->hashPassword($password);
+ $needsUpdating = $hashNeedsUpdate[$t->getPasswordHash() ?: ''] ?? true;
+
+ if ($needsUpdating) {
+ if ($newPasswordHash === null) {
+ $newPasswordHash = $this->hashPassword($password);
+ }
+
+ $publicKey = $t->getPublicKey();
+ $t->setPassword($this->encryptPassword($password, $publicKey));
+ $t->setPasswordHash($newPasswordHash);
+ $t->setPasswordInvalid(false);
+ $this->updateToken($t);
}
-
- $publicKey = $t->getPublicKey();
- $t->setPassword($this->encryptPassword($password, $publicKey));
- $t->setPasswordHash($newPasswordHash);
- $t->setPasswordInvalid(false);
- $this->updateToken($t);
}
- }
- // If password hashes are different we update them all to be equal so
- // that the next execution only needs to verify once
- if (count($hashNeedsUpdate) > 1) {
- $newPasswordHash = $this->hashPassword($password);
- $this->mapper->updateHashesForUser($uid, $newPasswordHash);
- }
+ // If password hashes are different we update them all to be equal so
+ // that the next execution only needs to verify once
+ if (count($hashNeedsUpdate) > 1) {
+ $newPasswordHash = $this->hashPassword($password);
+ $this->mapper->updateHashesForUser($uid, $newPasswordHash);
+ }
+ }, $this->db);
}
private function logOpensslError() {
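Review bot: The lookup `isset($hashNeedsUpdate[$t->getPasswordHash()])` uses the raw hash as the array key, while every write and the later read use `$t->getPasswordHash() ?: ''`. For a token whose hash is null the two only agree because PHP coerces a null array key to the empty string. Computing the key once at the top of the loop, `$hashKey = $t->getPasswordHash() ?: '';`, and indexing with `$hashNeedsUpdate[$hashKey]` throughout makes the verification cache explicit and drops the repeated getter calls. The enclosing method starts above the hunk.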