Merge pull request #21114 from nextcloud/backport/21106/stable19
[stable19] use the loginname to verify the old password in user password changes
commit
03a1932b15
|
@ -89,8 +89,9 @@ class ChangePasswordController extends Controller {
|
||||||
* @BruteForceProtection(action=changePersonalPassword)
|
* @BruteForceProtection(action=changePersonalPassword)
|
||||||
*/
|
*/
|
||||||
public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse {
|
public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse {
|
||||||
|
$loginName = $this->userSession->getLoginName();
|
||||||
/** @var IUser $user */
|
/** @var IUser $user */
|
||||||
$user = $this->userManager->checkPassword($this->userId, $oldpassword);
|
$user = $this->userManager->checkPassword($loginName, $oldpassword);
|
||||||
if ($user === false) {
|
if ($user === false) {
|
||||||
$response = new JSONResponse([
|
$response = new JSONResponse([
|
||||||
'status' => 'error',
|
'status' => 'error',
|
||||||
|
|
|
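Review bot: The result of `$this->userSession->getLoginName()` goes straight into `checkPassword()` with no check, so a session that carries no login name would pass a null or empty identifier into the old-password verification (inferred, since the session class is not shown on this page). Handle that case explicitly before the call, for example `if ($loginName === null || $loginName === '') { $loginName = $this->userId; }`, rather than relying on how the user backends treat such a value. Verification is now keyed on the login name while the controller still holds `$this->userId`, so it is also worth confirming after a successful check that `$user->getUID() === $this->userId`, so the password change stays bound to the session's user. The body of changePersonalPassword continues outside the hunk, so such a check may already exist further down.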
@ -36,6 +36,8 @@ use OCP\IUserManager;
|
||||||
class ChangePasswordControllerTest extends \Test\TestCase {
|
class ChangePasswordControllerTest extends \Test\TestCase {
|
||||||
/** @var string */
|
/** @var string */
|
||||||
private $userId = 'currentUser';
|
private $userId = 'currentUser';
|
||||||
|
/** @var string */
|
||||||
|
private $loginName = 'ua1337';
|
||||||
/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
|
/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
|
||||||
private $userManager;
|
private $userManager;
|
||||||
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */
|
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */
|
||||||
|
@ -75,9 +77,13 @@ class ChangePasswordControllerTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testChangePersonalPasswordWrongPassword() {
|
public function testChangePersonalPasswordWrongPassword() {
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getLoginName')
|
||||||
|
->willReturn($this->loginName);
|
||||||
|
|
||||||
$this->userManager->expects($this->once())
|
$this->userManager->expects($this->once())
|
||||||
->method('checkPassword')
|
->method('checkPassword')
|
||||||
->with($this->userId, 'old')
|
->with($this->loginName, 'old')
|
||||||
->willReturn(false);
|
->willReturn(false);
|
||||||
|
|
||||||
$expects = new JSONResponse([
|
$expects = new JSONResponse([
|
||||||
|
@ -93,10 +99,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testChangePersonalPasswordCommonPassword() {
|
public function testChangePersonalPasswordCommonPassword() {
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getLoginName')
|
||||||
|
->willReturn($this->loginName);
|
||||||
|
|
||||||
$user = $this->getMockBuilder(IUser::class)->getMock();
|
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||||
$this->userManager->expects($this->once())
|
$this->userManager->expects($this->once())
|
||||||
->method('checkPassword')
|
->method('checkPassword')
|
||||||
->with($this->userId, 'old')
|
->with($this->loginName, 'old')
|
||||||
->willReturn($user);
|
->willReturn($user);
|
||||||
|
|
||||||
$user->expects($this->once())
|
$user->expects($this->once())
|
||||||
|
@ -116,10 +126,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testChangePersonalPasswordNoNewPassword() {
|
public function testChangePersonalPasswordNoNewPassword() {
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getLoginName')
|
||||||
|
->willReturn($this->loginName);
|
||||||
|
|
||||||
$user = $this->getMockBuilder(IUser::class)->getMock();
|
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||||
$this->userManager->expects($this->once())
|
$this->userManager->expects($this->once())
|
||||||
->method('checkPassword')
|
->method('checkPassword')
|
||||||
->with($this->userId, 'old')
|
->with($this->loginName, 'old')
|
||||||
->willReturn($user);
|
->willReturn($user);
|
||||||
|
|
||||||
$expects = [
|
$expects = [
|
||||||
|
@ -132,10 +146,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testChangePersonalPasswordCantSetPassword() {
|
public function testChangePersonalPasswordCantSetPassword() {
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getLoginName')
|
||||||
|
->willReturn($this->loginName);
|
||||||
|
|
||||||
$user = $this->getMockBuilder(IUser::class)->getMock();
|
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||||
$this->userManager->expects($this->once())
|
$this->userManager->expects($this->once())
|
||||||
->method('checkPassword')
|
->method('checkPassword')
|
||||||
->with($this->userId, 'old')
|
->with($this->loginName, 'old')
|
||||||
->willReturn($user);
|
->willReturn($user);
|
||||||
|
|
||||||
$user->expects($this->once())
|
$user->expects($this->once())
|
||||||
|
@ -152,10 +170,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testChangePersonalPassword() {
|
public function testChangePersonalPassword() {
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getLoginName')
|
||||||
|
->willReturn($this->loginName);
|
||||||
|
|
||||||
$user = $this->getMockBuilder(IUser::class)->getMock();
|
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||||
$this->userManager->expects($this->once())
|
$this->userManager->expects($this->once())
|
||||||
->method('checkPassword')
|
->method('checkPassword')
|
||||||
->with($this->userId, 'old')
|
->with($this->loginName, 'old')
|
||||||
->willReturn($user);
|
->willReturn($user);
|
||||||
|
|
||||||
$user->expects($this->once())
|
$user->expects($this->once())
|
||||||
|
|
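Review bot: No updated test covers a session without a login name; every case stubs `getLoginName` with the same fixed `$this->loginName`, so only the happy lookup path is pinned. A case using `->method('getLoginName')->willReturn(null)` together with the expected response would document what the controller does for such sessions. The identical `expects($this->once())->method('getLoginName')->willReturn($this->loginName)` stub is repeated in all five tests and could move into a small private helper. The test method bodies continue outside the hunks shown.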