aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/private/Authentication/LoginCredentials/Store.php7
-rw-r--r--lib/private/Server.php3
-rw-r--r--tests/lib/Authentication/LoginCredentials/StoreTest.php21
3 files changed, 28 insertions, 3 deletions
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index 2e00ac211c1..5a1aad6c743 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -28,6 +28,7 @@ namespace OC\Authentication\LoginCredentials;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider;
+use OC\Security\Crypto;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\LoginCredentials\ICredentials;
@@ -47,12 +48,16 @@ class Store implements IStore {
/** @var IProvider|null */
private $tokenProvider;
+ /** @var Crypto|null */
+ private $crypto;
+
public function __construct(ISession $session,
LoggerInterface $logger,
IProvider $tokenProvider = null) {
$this->session = $session;
$this->logger = $logger;
$this->tokenProvider = $tokenProvider;
+ $this->crypto = $crypto;
Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
}
@@ -63,6 +68,7 @@ class Store implements IStore {
* @param array $params
*/
public function authenticate(array $params) {
+ $params['password'] = $this->crypto->encrypt((string)$params['password']);
$this->session->set('login_credentials', json_encode($params));
}
@@ -109,6 +115,7 @@ class Store implements IStore {
if ($trySession && $this->session->exists('login_credentials')) {
/** @var array $creds */
$creds = json_decode($this->session->get('login_credentials'), true);
+ $creds['password'] = $this->crypto->decrypt($creds['password']);
return new Credentials(
$creds['uid'],
$creds['loginName'] ?? $this->session->get('loginname') ?? $creds['uid'], // Pre 20 didn't have a loginName property, hence fall back to the session value and then to the UID
diff --git a/lib/private/Server.php b/lib/private/Server.php
index c5fd8327c41..7e32a667c8a 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -512,7 +512,8 @@ class Server extends ServerContainer implements IServerContainer {
$tokenProvider = null;
}
$logger = $c->get(LoggerInterface::class);
- return new Store($session, $logger, $tokenProvider);
+ $crypto = $c->get(Crypto::class);
+ return new Store($session, $logger, $tokenProvider, $crypto);
});
$this->registerAlias(IStore::class, Store::class);
$this->registerAlias(IProvider::class, Authentication\Token\Manager::class);
diff --git a/tests/lib/Authentication/LoginCredentials/StoreTest.php b/tests/lib/Authentication/LoginCredentials/StoreTest.php
index 80d64d5466f..3e2ee7ea66c 100644
--- a/tests/lib/Authentication/LoginCredentials/StoreTest.php
+++ b/tests/lib/Authentication/LoginCredentials/StoreTest.php
@@ -30,8 +30,10 @@ use OC\Authentication\LoginCredentials\Credentials;
use OC\Authentication\LoginCredentials\Store;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
+use OC\Security\Crypto;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\ISession;
+use OCP\Security\ICrypto;
use OCP\Session\Exceptions\SessionNotAvailableException;
use Psr\Log\LoggerInterface;
use Test\TestCase;
@@ -46,6 +48,8 @@ class StoreTest extends TestCase {
/** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
private $logger;
+ /** @var ICrypto|\PHPUnit\Framework\MockObject\MockObject */
+ private $crypto;
/** @var Store */
private $store;
@@ -56,20 +60,24 @@ class StoreTest extends TestCase {
$this->session = $this->createMock(ISession::class);
$this->tokenProvider = $this->createMock(IProvider::class);
$this->logger = $this->createMock(LoggerInterface::class);
+ $this->crypto = $this->createMock(Crypto::class);
- $this->store = new Store($this->session, $this->logger, $this->tokenProvider);
+ $this->store = new Store($this->session, $this->logger, $this->tokenProvider, $this->crypto);
}
public function testAuthenticate() {
$params = [
'run' => true,
'uid' => 'user123',
- 'password' => 123456,
+ 'password' => '123456',
];
$this->session->expects($this->once())
->method('set')
->with($this->equalTo('login_credentials'), $this->equalTo(json_encode($params)));
+ $this->crypto->expects($this->once())
+ ->method('encrypt')
+ ->willReturn($params['password']);
$this->store->authenticate($params);
}
@@ -156,6 +164,9 @@ class StoreTest extends TestCase {
->method('exists')
->with($this->equalTo('login_credentials'))
->willReturn(true);
+ $this->crypto->expects($this->once())
+ ->method('decrypt')
+ ->willReturn($password);
$this->session->expects($this->exactly(2))
->method('get')
->willReturnMap([
@@ -193,6 +204,9 @@ class StoreTest extends TestCase {
->method('exists')
->with($this->equalTo('login_credentials'))
->willReturn(true);
+ $this->crypto->expects($this->once())
+ ->method('decrypt')
+ ->willReturn($password);
$this->session->expects($this->exactly(2))
->method('get')
->willReturnMap([
@@ -231,6 +245,9 @@ class StoreTest extends TestCase {
->method('exists')
->with($this->equalTo('login_credentials'))
->willReturn(true);
+ $this->crypto->expects($this->once())
+ ->method('decrypt')
+ ->willReturn($password);
$this->session->expects($this->once())
->method('get')
->with($this->equalTo('login_credentials'))
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 09:50:56 +0000