Merge pull request #20518 from nextcloud/backport/20505/stable16

[stable16] do not advertise nulled userId for systemwide credentials
Roeland Jago Douma 2020-04-18 11:24:07 +02:00 committed by GitHub
commit 33d472c72a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 9 deletions


@ -53,7 +53,7 @@ class CredentialsManager implements ICredentialsManager {
/**
* Store a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @param mixed $credentials
*/
@ -61,7 +61,7 @@ class CredentialsManager implements ICredentialsManager {
$value = $this->crypto->encrypt(json_encode($credentials));
$this->dbConnection->setValues(self::DB_TABLE, [
'user' => $userId,
'user' => (string)$userId,
'identifier' => $identifier,
], [
'credentials' => $value,
@ -71,7 +71,7 @@ class CredentialsManager implements ICredentialsManager {
/**
* Retrieve a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return mixed
*/
@ -79,7 +79,7 @@ class CredentialsManager implements ICredentialsManager {
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('credentials')
->from(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
;
$result = $qb->execute()->fetch();
@ -95,14 +95,14 @@ class CredentialsManager implements ICredentialsManager {
/**
* Delete a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return int rows removed
*/
public function delete($userId, $identifier) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->delete(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
;
return $qb->execute();
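Review bot: The `(string)$userId` cast added in `store()`, `retrieve()` and `delete()` collapses `null`, `false` and `''` onto the same key, so a caller that passes the result of a failed user lookup would read, overwrite or delete the system-wide credential row instead of failing. Whether any caller does that is not visible in these hunks. The docblocks now declare `string` while the code still accepts anything castable. Normalising only the legacy value, e.g. `$userId = $userId ?? '';` at the top of each method, would keep old `null` callers working without widening the accepted inputs. If the cast stays, a comment at each site such as `// null is still accepted from legacy callers and means system-wide ('')` would explain why code and docblock differ. The body of `delete()` closes outside the visible hunk.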


@ -33,7 +33,7 @@ interface ICredentialsManager {
/**
* Store a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @param mixed $credentials
* @since 8.2.0
@ -43,7 +43,7 @@ interface ICredentialsManager {
/**
* Retrieve a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return mixed
* @since 8.2.0
@ -53,7 +53,7 @@ interface ICredentialsManager {
/**
* Delete a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return int rows removed
* @since 8.2.0
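Review bot: The three `@param` lines narrow the documented type from `string|null` to `string` on methods marked `@since 8.2.0`, but nothing tells existing callers what happens to the `null` they were previously told to pass. The implementation in this commit still accepts it through a cast, so the docblock could state that, for example `@param string $userId empty string for system-wide credentials (null is deprecated and treated as '')`. Without that, another implementation of the interface could reasonably reject `null` and break callers written against the old contract.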


@ -27,6 +27,9 @@ use \OCP\Security\ICrypto;
use \OCP\IDBConnection;
use \OC\Security\CredentialsManager;
/**
* @group DB
*/
class CredentialsManagerTest extends \Test\TestCase {
/** @var ICrypto */