From 505dfd65fd3520aaf95add30ef680723ddcd4dbd Mon Sep 17 00:00:00 2001
From: yemkareems
Date: Mon, 28 Oct 2024 11:22:36 +0530
Subject: fix: encrypt and store password, decrypt and retrieve the same

Signed-off-by: yemkareems
---
 lib/private/Authentication/LoginCredentials/Store.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'lib/private/Authentication')

diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index bd39dd11460..8e31d7e23ca 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -10,6 +10,7 @@ namespace OC\Authentication\LoginCredentials;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Token\IProvider;
+use OC\Security\Crypto;
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\LoginCredentials\ICredentials;
@@ -29,12 +30,17 @@ class Store implements IStore {
 	/** @var IProvider|null */
 	private $tokenProvider;
 
+	/** @var Crypto|null */
+	private $crypto;
+
 	public function __construct(ISession $session,
 		LoggerInterface $logger,
-		?IProvider $tokenProvider = null) {
+		?IProvider $tokenProvider = null,
+		?Crypto $crypto = null) {
 		$this->session = $session;
 		$this->logger = $logger;
 		$this->tokenProvider = $tokenProvider;
+		$this->crypto = $crypto;
 
 		Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
 	}
@@ -45,6 +51,7 @@ class Store implements IStore {
 	 * @param array $params
 	 */
 	public function authenticate(array $params) {
+		$params['password'] = $this->crypto->encrypt((string)$params['password']);
 		$this->session->set('login_credentials', json_encode($params));
 	}
 
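Review bot: `$crypto` is declared `?Crypto $crypto = null` and stored as-is in the constructor hunk, yet `authenticate()` in the following hunk and the retrieval code in `@@ -91,6 +98,7 @@` call `$this->crypto->encrypt()` / `->decrypt()` unconditionally, so any caller that still builds `Store` with the old three-argument signature now fails with a call on null at login time instead of storing credentials. Either make the dependency required (`Crypto $crypto`) or resolve a fallback instance when it is null; as written the optional parameter only moves the failure from construction to the login hook. The new property and parameter also bind to the concrete `OC\Security\Crypto`; if the container provides the public `OCP\Security\ICrypto` interface here, type-hinting that keeps the class replaceable with a fake in tests. The `@var Crypto|null` docblock should then match whichever choice is made.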
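Review bot: The added line in `authenticate()` reads `$params['password']` without checking that the key is present; the import list in the first hunk suggests the class already models logins that carry no password, and for those the new code would raise an undefined-index notice and store `encrypt('')`, which later decrypts to an empty string rather than the absent value the pre-change JSON carried. Guard the key so that absence stays absence: `if (isset($params['password'])) { $params['password'] = $this->crypto->encrypt((string)$params['password']); }`. A one-line comment above it, `// never keep the plaintext password in the session; it is decrypted again in getLoginCredentials()`, would also record why the hook now transforms the value.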
@@ -91,6 +98,7 @@ class Store implements IStore {
 		if ($trySession && $this->session->exists('login_credentials')) {
 			/** @var array $creds */
 			$creds = json_decode($this->session->get('login_credentials'), true);
+			$creds['password'] = $this->crypto->decrypt($creds['password']);
 			return new Credentials(
 				$creds['uid'],
 				$creds['loginName'] ?? $this->session->get('loginname') ?? $creds['uid'], // Pre 20 didn't have a loginName property, hence fall back to the session value and then to the UID
-- 
cgit v1.2.3
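Review bot: `decrypt()` is applied to whatever `login_credentials` blob is in the session, including one written in plaintext by the pre-change `authenticate()` (a session that survives the upgrade) or one with no `password` key at all; in both cases the decrypt step is expected to fail with a raw exception or a type error instead of the `CredentialsUnavailableException` that callers of this method handle. The failure mode matters because a value that does not authenticate should be discarded, not partially trusted. The excerpt below catches the failure, drops the unusable session entry and reports the documented exception; since the rest of the method and its token-provider fallback lie outside this hunk, if that fallback should be tried instead, remove the session key and skip the `return` rather than throwing.

```php
$creds = json_decode($this->session->get('login_credentials'), true);
try {
	$creds['password'] = $this->crypto->decrypt($creds['password'] ?? '');
} catch (\Exception $e) {
	// Not decryptable: a pre-encryption blob or a tampered value. Never hand it out.
	$this->session->remove('login_credentials');
	throw new CredentialsUnavailableException('Stored login credentials could not be decrypted', 0, $e);
}
// … unchanged: return new Credentials(...) …
```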