From b7e4138886f7462d0ac3e6ecab64556d0e4e6557 Mon Sep 17 00:00:00 2001
From: yemkareems <yemkareems@gmail.com>
Date: Mon, 28 Oct 2024 11:22:36 +0530
Subject: fix: encrypt and store password, decrypt and retrieve the same

Signed-off-by: yemkareems <yemkareems@gmail.com>
---
 lib/private/Authentication/LoginCredentials/Store.php | 10 +++++++++-
 lib/private/Server.php                                |  3 ++-
 2 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index bd39dd11460..8e31d7e23ca 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -10,6 +10,7 @@ namespace OC\Authentication\LoginCredentials;
 
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Token\IProvider;
+use OC\Security\Crypto;
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\LoginCredentials\ICredentials;
@@ -29,12 +30,17 @@ class Store implements IStore {
 	/** @var IProvider|null */
 	private $tokenProvider;
 
+	/** @var Crypto|null */
+	private $crypto;
+
 	public function __construct(ISession $session,
 		LoggerInterface $logger,
-		?IProvider $tokenProvider = null) {
+		?IProvider $tokenProvider = null,
+		?Crypto $crypto = null) {
 		$this->session = $session;
 		$this->logger = $logger;
 		$this->tokenProvider = $tokenProvider;
+		$this->crypto = $crypto;
 
 		Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
 	}
@@ -45,6 +51,7 @@ class Store implements IStore {
 	 * @param array $params
 	 */
 	public function authenticate(array $params) {
+		$params['password'] = $this->crypto->encrypt((string)$params['password']);
 		$this->session->set('login_credentials', json_encode($params));
 	}
 
@@ -91,6 +98,7 @@ class Store implements IStore {
 		if ($trySession && $this->session->exists('login_credentials')) {
 			/** @var array $creds */
 			$creds = json_decode($this->session->get('login_credentials'), true);
+			$creds['password'] = $this->crypto->decrypt($creds['password']);
 			return new Credentials(
 				$creds['uid'],
 				$creds['loginName'] ?? $this->session->get('loginname') ?? $creds['uid'], // Pre 20 didn't have a loginName property, hence fall back to the session value and then to the UID
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 3b86ded05cc..4e55bddcb36 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -481,7 +481,8 @@ class Server extends ServerContainer implements IServerContainer {
 				$tokenProvider = null;
 			}
 			$logger = $c->get(LoggerInterface::class);
-			return new Store($session, $logger, $tokenProvider);
+			$crypto = $c->get(Crypto::class);
+			return new Store($session, $logger, $tokenProvider, $crypto);
 		});
 		$this->registerAlias(IStore::class, Store::class);
 		$this->registerAlias(IProvider::class, Authentication\Token\Manager::class);
-- 
cgit v1.2.3