authoryemkareems <yemkareems@gmail.com>2024-10-28 11:22:36 +0530
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>2024-10-28 12:29:20 +0000
commitb7e4138886f7462d0ac3e6ecab64556d0e4e6557 (patch)
treeab1bafe52c337d29bfbea79095736442964a903f /lib
parent0e4ab29304daf9113a19206a5e05be99725e1901 (diff)
downloadnextcloud-server-b7e4138886f7462d0ac3e6ecab64556d0e4e6557.tar.gz
nextcloud-server-b7e4138886f7462d0ac3e6ecab64556d0e4e6557.zip
fix: encrypt and store password, decrypt and retrieve the same
Signed-off-by: yemkareems <yemkareems@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Authentication/LoginCredentials/Store.php10
-rw-r--r--lib/private/Server.php3
2 files changed, 11 insertions, 2 deletions
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index bd39dd11460..8e31d7e23ca 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -10,6 +10,7 @@ namespace OC\Authentication\LoginCredentials;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider;
+use OC\Security\Crypto;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\LoginCredentials\ICredentials;
@@ -29,12 +30,17 @@ class Store implements IStore {
/** @var IProvider|null */
private $tokenProvider;
+ /** @var Crypto|null */
+ private $crypto;
+
public function __construct(ISession $session,
LoggerInterface $logger,
- ?IProvider $tokenProvider = null) {
+ ?IProvider $tokenProvider = null,
+ ?Crypto $crypto = null) {
$this->session = $session;
$this->logger = $logger;
$this->tokenProvider = $tokenProvider;
+ $this->crypto = $crypto;
Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
}
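Review bot: The constructor declares the new dependency as `?Crypto $crypto = null`, but the `authenticate()` hunk and the session-read hunk further down call `$this->crypto->encrypt()` and `$this->crypto->decrypt()` with no null check. Any caller that still builds `Store` with three arguments will hit a fatal "call on null" on the first login. Either make the argument required or guard each use with `if ($this->crypto !== null)`. Typing the property against the public `OCP\Security\ICrypto` interface instead of the concrete `OC\Security\Crypto` would also let tests pass a stub; the docblock would then read `/** @var ICrypto|null */`.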
@@ -45,6 +51,7 @@ class Store implements IStore {
* @param array $params
*/
public function authenticate(array $params) {
+ $params['password'] = $this->crypto->encrypt((string)$params['password']);
$this->session->set('login_credentials', json_encode($params));
}
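Review bot: In `authenticate()`, `(string)$params['password']` turns a null password into an empty string before it is encrypted, so a login that carried no password comes back from the store as `''` rather than `null` after the matching decrypt. Code that distinguishes the two may behave differently; the imported `PasswordlessTokenException` suggests such a path exists, though it is not visible in this hunk. A missing `password` key would also raise an undefined-index warning here. Encrypting only when a value is present avoids both: `if (isset($params['password'])) { $params['password'] = $this->crypto->encrypt((string)$params['password']); }`. A one-line comment such as `// Encrypt the password before it is serialized into the session` would explain why the hook parameters are modified.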
@@ -91,6 +98,7 @@ class Store implements IStore {
if ($trySession && $this->session->exists('login_credentials')) {
/** @var array $creds */
$creds = json_decode($this->session->get('login_credentials'), true);
+ $creds['password'] = $this->crypto->decrypt($creds['password']);
return new Credentials(
$creds['uid'],
$creds['loginName'] ?? $this->session->get('loginname') ?? $creds['uid'], // Pre 20 didn't have a loginName property, hence fall back to the session value and then to the UID
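Review bot: Sessions created before this change still hold the password in plain text under `login_credentials`, and the added `decrypt()` call runs on that value unconditionally. If `decrypt()` throws on input that is not its own ciphertext (worth confirming against `Crypto`), every session that was active during the upgrade fails here until the user logs in again, and nothing in the visible lines catches it. The line also reads `$creds['password']` without checking that `json_decode()` returned an array containing that key. The enclosing function starts and ends outside this hunk, so the fallback below may need adjusting to whatever follows; whether a legacy plain-text value should be accepted or treated as "credentials unavailable" is a decision worth recording in a comment.

```php
$creds = json_decode($this->session->get('login_credentials'), true);
if (is_array($creds) && isset($creds['password'])) {
	try {
		$creds['password'] = $this->crypto->decrypt($creds['password']);
	} catch (\Exception $e) {
		// Value predates encryption or failed its integrity check: keep it
		// as stored for legacy sessions, and never log the value itself.
		$this->logger->debug('Stored login password could not be decrypted');
	}
}
// … unchanged: return new Credentials(...) …
```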
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 3b86ded05cc..4e55bddcb36 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -481,7 +481,8 @@ class Server extends ServerContainer implements IServerContainer {
$tokenProvider = null;
}
$logger = $c->get(LoggerInterface::class);
- return new Store($session, $logger, $tokenProvider);
+ $crypto = $c->get(Crypto::class);
+ return new Store($session, $logger, $tokenProvider, $crypto);
});
$this->registerAlias(IStore::class, Store::class);
$this->registerAlias(IProvider::class, Authentication\Token\Manager::class);