diff options
| -rw-r--r-- | lib/private/Authentication/LoginCredentials/Store.php | 15 | ||||
| -rw-r--r-- | lib/private/Server.php | 3 | ||||
| -rw-r--r-- | tests/lib/Authentication/LoginCredentials/StoreTest.php | 22 |
3 files changed, 34 insertions, 6 deletions
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php index bd39dd11460..b6f22ce345f 100644 --- a/lib/private/Authentication/LoginCredentials/Store.php +++ b/lib/private/Authentication/LoginCredentials/Store.php @@ -8,6 +8,7 @@ declare(strict_types=1); */ namespace OC\Authentication\LoginCredentials; +use Exception; use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Token\IProvider; use OCP\Authentication\Exceptions\CredentialsUnavailableException; @@ -15,6 +16,7 @@ use OCP\Authentication\Exceptions\InvalidTokenException; use OCP\Authentication\LoginCredentials\ICredentials; use OCP\Authentication\LoginCredentials\IStore; use OCP\ISession; +use OCP\Security\ICrypto; use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Util; use Psr\Log\LoggerInterface; @@ -29,9 +31,12 @@ class Store implements IStore { /** @var IProvider|null */ private $tokenProvider; - public function __construct(ISession $session, + public function __construct( + ISession $session, LoggerInterface $logger, - ?IProvider $tokenProvider = null) { + private readonly ICrypto $crypto, + ?IProvider $tokenProvider = null, + ) { $this->session = $session; $this->logger = $logger; $this->tokenProvider = $tokenProvider; @@ -45,6 +50,7 @@ class Store implements IStore { * @param array $params */ public function authenticate(array $params) { + $params['password'] = $this->crypto->encrypt((string)$params['password']); $this->session->set('login_credentials', json_encode($params)); } @@ -91,6 +97,11 @@ class Store implements IStore { if ($trySession && $this->session->exists('login_credentials')) { /** @var array $creds */ $creds = json_decode($this->session->get('login_credentials'), true); + try { + $creds['password'] = $this->crypto->decrypt($creds['password']); + } catch (Exception $e) { + //decryption failed, continue with old password as it is + } return new Credentials( $creds['uid'], $creds['loginName'] ?? $this->session->get('loginname') ?? $creds['uid'], // Pre 20 didn't have a loginName property, hence fall back to the session value and then to the UID diff --git a/lib/private/Server.php b/lib/private/Server.php index 0016e2bbb7a..27a5f2662f8 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -451,7 +451,8 @@ class Server extends ServerContainer implements IServerContainer { $tokenProvider = null; } $logger = $c->get(LoggerInterface::class); - return new Store($session, $logger, $tokenProvider); + $crypto = $c->get(ICrypto::class); + return new Store($session, $logger, $crypto, $tokenProvider); }); $this->registerAlias(IStore::class, Store::class); $this->registerAlias(IProvider::class, Authentication\Token\Manager::class); diff --git a/tests/lib/Authentication/LoginCredentials/StoreTest.php b/tests/lib/Authentication/LoginCredentials/StoreTest.php index 6f1e3a6d750..c58bb09faaa 100644 --- a/tests/lib/Authentication/LoginCredentials/StoreTest.php +++ b/tests/lib/Authentication/LoginCredentials/StoreTest.php @@ -15,6 +15,7 @@ use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; use OCP\Authentication\Exceptions\CredentialsUnavailableException; use OCP\ISession; +use OCP\Security\ICrypto; use OCP\Session\Exceptions\SessionNotAvailableException; use Psr\Log\LoggerInterface; use Test\TestCase; @@ -29,6 +30,8 @@ class StoreTest extends TestCase { /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */ private $logger; + /** @var ICrypto|\PHPUnit\Framework\MockObject\MockObject */ + private $crypto; /** @var Store */ private $store; @@ -39,20 +42,24 @@ class StoreTest extends TestCase { $this->session = $this->createMock(ISession::class); $this->tokenProvider = $this->createMock(IProvider::class); $this->logger = $this->createMock(LoggerInterface::class); + $this->crypto = $this->createMock(ICrypto::class); - $this->store = new Store($this->session, $this->logger, $this->tokenProvider); + $this->store = new Store($this->session, $this->logger, $this->crypto, $this->tokenProvider); } public function testAuthenticate(): void { $params = [ 'run' => true, 'uid' => 'user123', - 'password' => 123456, + 'password' => '123456', ]; $this->session->expects($this->once()) ->method('set') ->with($this->equalTo('login_credentials'), $this->equalTo(json_encode($params))); + $this->crypto->expects($this->once()) + ->method('encrypt') + ->willReturn('123456'); $this->store->authenticate($params); } @@ -65,7 +72,7 @@ class StoreTest extends TestCase { } public function testGetLoginCredentialsNoTokenProvider(): void { - $this->store = new Store($this->session, $this->logger, null); + $this->store = new Store($this->session, $this->logger, $this->crypto, null); $this->expectException(CredentialsUnavailableException::class); @@ -139,6 +146,9 @@ class StoreTest extends TestCase { ->method('exists') ->with($this->equalTo('login_credentials')) ->willReturn(true); + $this->crypto->expects($this->once()) + ->method('decrypt') + ->willReturn($password); $this->session->expects($this->exactly(2)) ->method('get') ->willReturnMap([ @@ -176,6 +186,9 @@ class StoreTest extends TestCase { ->method('exists') ->with($this->equalTo('login_credentials')) ->willReturn(true); + $this->crypto->expects($this->once()) + ->method('decrypt') + ->willReturn($password); $this->session->expects($this->exactly(2)) ->method('get') ->willReturnMap([ @@ -214,6 +227,9 @@ class StoreTest extends TestCase { ->method('exists') ->with($this->equalTo('login_credentials')) ->willReturn(true); + $this->crypto->expects($this->once()) + ->method('decrypt') + ->willReturn($password); $this->session->expects($this->once()) ->method('get') ->with($this->equalTo('login_credentials')) |