From 1f17010e0b4099b41cc72f53e18f4d162ce2e3da Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Tue, 29 May 2018 09:24:20 +0200 Subject: Add first tests Signed-off-by: Roeland Jago Douma --- lib/private/Authentication/Token/PublicKeyTokenProvider.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lib/private/Authentication') diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index d7e9038a076..1c5f3da147f 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -134,9 +134,14 @@ class PublicKeyTokenProvider implements IProvider { public function renewSessionToken(string $oldSessionId, string $sessionId) { $token = $this->getToken($oldSessionId); + if (!($token instanceof PublicKeyToken)) { + throw new InvalidTokenException(); + } + $password = null; if (!is_null($token->getPassword())) { - $password = $this->decryptPassword($token->getPassword(), $oldSessionId); + $privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId); + $password = $this->decryptPassword($token->getPassword(), $privateKey); } $this->generateToken( @@ -198,6 +203,10 @@ class PublicKeyTokenProvider implements IProvider { throw new InvalidTokenException(); } + if ($token->getPassword() === null) { + throw new PasswordlessTokenException(); + } + // Decrypt private key with tokenId $privateKey = $this->decrypt($token->getPrivateKey(), $tokenId); -- cgit v1.2.3