author | Kate <26026535+provokateurin@users.noreply.github.com> | 2024-10-28 13:26:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-10-28 13:26:55 +0100 |
commit | d25a0a2896a2a981939cacb8ee0d555feef22b3b (patch) | |
tree | f7ac5dfd04420209273da58b8745031d912f01d5 /lib | |
parent | 8b5e1bac90288692cde05da3694cdb749272d533 (diff) | |
parent | 34b07ace9579db1ce04feebd1c15f626f5503ee3 (diff) | |
download | nextcloud-server-d25a0a2896a2a981939cacb8ee0d555feef22b3b.tar.gz nextcloud-server-d25a0a2896a2a981939cacb8ee0d555feef22b3b.zip |
Merge pull request #48915 from nextcloud/fix/encrypt-decrypt-password
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Authentication/LoginCredentials/Store.php | 15 | ||||
-rw-r--r-- | lib/private/Server.php | 3 |
2 files changed, 15 insertions, 3 deletions
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index bd39dd11460..b6f22ce345f 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -8,6 +8,7 @@ declare(strict_types=1);
 */
 namespace OC\Authentication\LoginCredentials;
+use Exception;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Token\IProvider;
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
@@ -15,6 +16,7 @@ use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\LoginCredentials\ICredentials;
 use OCP\Authentication\LoginCredentials\IStore;
 use OCP\ISession;
+use OCP\Security\ICrypto;
 use OCP\Session\Exceptions\SessionNotAvailableException;
 use OCP\Util;
 use Psr\Log\LoggerInterface;
@@ -29,9 +31,12 @@ class Store implements IStore {
 /** @var IProvider|null */
 private $tokenProvider;
- public function __construct(ISession $session,
+ public function __construct(
+ ISession $session,
 LoggerInterface $logger,
- ?IProvider $tokenProvider = null) {
+ private readonly ICrypto $crypto,
+ ?IProvider $tokenProvider = null,
+ ) {
 $this->session = $session;
 $this->logger = $logger;
 $this->tokenProvider = $tokenProvider;
@@ -45,6 +50,7 @@ class Store implements IStore {
 * @param array $params
 */
 public function authenticate(array $params) {
+ $params['password'] = $this->crypto->encrypt((string)$params['password']);
 $this->session->set('login_credentials', json_encode($params));
 }
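Review bot: In the `authenticate()` hunk of Store.php (`@@ -45,6 +50,7 @@`), the `(string)` cast turns a missing or `null` password into an empty string before it is encrypted, so a login that carried no password is stored as an encrypted `''` and later reads back as an empty password instead of an absent one. If callers can pass `null` here (the file imports `PasswordlessTokenException`, which suggests passwordless logins exist), guard the call: `if (isset($params['password'])) { $params['password'] = $this->crypto->encrypt((string)$params['password']); }`. A one-line comment above it, such as `// Encrypt the password so the session store never holds it in clear text`, would record why the value is transformed before `json_encode()`.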
@@ -91,6 +97,11 @@ class Store implements IStore {
 if ($trySession && $this->session->exists('login_credentials')) {
 /** @var array $creds */
 $creds = json_decode($this->session->get('login_credentials'), true);
+ try {
+ $creds['password'] = $this->crypto->decrypt($creds['password']);
+ } catch (Exception $e) {
+ //decryption failed, continue with old password as it is
+ }
 return new Credentials(
 $creds['uid'],
 $creds['loginName'] ?? $this->session->get('loginname') ?? $creds['uid'], // Pre 20 didn't have a loginName property, hence fall back to the session value and then to the UID
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 0016e2bbb7a..27a5f2662f8 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -451,7 +451,8 @@ class Server extends ServerContainer implements IServerContainer {
 $tokenProvider = null;
 }
 $logger = $c->get(LoggerInterface::class);
- return new Store($session, $logger, $tokenProvider);
+ $crypto = $c->get(ICrypto::class);
+ return new Store($session, $logger, $crypto, $tokenProvider);
 });
 $this->registerAlias(IStore::class, Store::class);
 $this->registerAlias(IProvider::class, Authentication\Token\Manager::class); |
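Review bot: The empty `catch (Exception $e)` in the `@@ -91,6 +97,11 @@` hunk of Store.php treats every decryption failure as a legacy plaintext password, so a changed encryption key or an altered session value is passed on as the password with no trace. Record the failure without the value, e.g. `$this->logger->debug('Stored login password could not be decrypted, using the stored value as-is', ['exception' => $e]);`, and note in the comment that the fallback exists only for sessions written before this change. Under `strict_types` a non-string `$creds['password']` (for example a `null` stored by an older session) would presumably raise a `TypeError`, which `catch (Exception)` does not cover; wrapping the block in `if (is_string($creds['password'] ?? null)) { … }` avoids that. The enclosing method starts and ends outside the hunk.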