From dcc8cce28b3c47dd7f6c1684fdb0793102164fb2 Mon Sep 17 00:00:00 2001 From: Daniel Calviño Sánchez Date: Sun, 23 Apr 2017 19:04:06 +0200 Subject: Fix double hashing of shared link passwords MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The plain text password for a shared links was hashed and, then, the hashed password was hashed again and set as the final password. Due to this the password introduced in the "Authenticate" page for the shared link was always a wrong password, and thus the file could not be accessed. Signed-off-by: Daniel Calviño Sánchez --- lib/private/Share20/Manager.php | 2 +- tests/lib/Share20/ManagerTest.php | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 3afd38c579f..7bed012fe8f 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -734,7 +734,7 @@ class Manager implements IManager { } $plainTextPassword = null; - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK || $share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) { + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) { // Password updated. if ($share->getPassword() !== $originalShare->getPassword()) { //Verify the password diff --git a/tests/lib/Share20/ManagerTest.php b/tests/lib/Share20/ManagerTest.php index 7de73421d3e..6a389fcdf9a 100644 --- a/tests/lib/Share20/ManagerTest.php +++ b/tests/lib/Share20/ManagerTest.php @@ -2520,6 +2520,12 @@ class ManagerTest extends \Test\TestCase { $manager->expects($this->once())->method('canShare')->willReturn(true); $manager->expects($this->once())->method('getShareById')->with('foo:42')->willReturn($originalShare); $manager->expects($this->once())->method('validateExpirationDate')->with($share); + $manager->expects($this->once())->method('verifyPassword')->with('password'); + + $this->hasher->expects($this->once()) + ->method('hash') + ->with('password') + ->willReturn('hashed'); $this->defaultProvider->expects($this->once()) ->method('update') -- cgit v1.2.3