Merge pull request #16308 from nextcloud/fix/undefined-offset-0

Prevent undefined offset 0 in findByUserIdOrMail
This commit is contained in:
Morris Jobke 2019-07-10 12:16:36 +02:00 committed by GitHub
commit 5c21b29d7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 27 deletions

View File

@ -50,6 +50,9 @@ use OCP\IUserManager;
use OCP\Mail\IMailer; use OCP\Mail\IMailer;
use OCP\Security\ICrypto; use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use function array_filter;
use function count;
use function reset;
/** /**
* Class LostController * Class LostController
@ -389,12 +392,12 @@ class LostController extends Controller {
return $user; return $user;
} }
$users = \array_filter($this->userManager->getByEmail($input), function (IUser $user) { $users = array_filter($this->userManager->getByEmail($input), function (IUser $user) {
return $user->isEnabled(); return $user->isEnabled();
}); });
if (\count($users) === 1) { if (count($users) === 1) {
return $users[0]; return reset($users);
} }
throw $userNotFound; throw $userNotFound;

View File

@ -821,28 +821,38 @@ class LostControllerTest extends \Test\TestCase {
$this->assertEquals($expectedResponse, $response); $this->assertEquals($expectedResponse, $response);
} }
public function testTwoUsersWithSameEmailOneDisabled() {
/**
* @return array
*/
public function dataTwoUserswithSameEmailOneDisabled(): array {
return [
['user1' => true, 'user2' => false],
['user1' => false, 'user2' => true]
];
}
/**
* @dataProvider dataTwoUserswithSameEmailOneDisabled
* @param bool $userEnabled1
* @param bool $userEnabled2
*/
public function testTwoUsersWithSameEmailOneDisabled(bool $userEnabled1, bool $userEnabled2): void {
$user1 = $this->createMock(IUser::class); $user1 = $this->createMock(IUser::class);
$user1->expects($this->any()) $user1->method('getEMailAddress')
->method('getEMailAddress')
->willReturn('test@example.com'); ->willReturn('test@example.com');
$user1->expects($this->any()) $user1->method('getUID')
->method('getUID')
->willReturn('User1'); ->willReturn('User1');
$user1->expects($this->any()) $user1->method('isEnabled')
->method('isEnabled') ->willReturn($userEnabled1);
->willReturn(true);
$user2 = $this->createMock(IUser::class); $user2 = $this->createMock(IUser::class);
$user2->expects($this->any()) $user2->method('getEMailAddress')
->method('getEMailAddress')
->willReturn('test@example.com'); ->willReturn('test@example.com');
$user2->expects($this->any()) $user2->method('getUID')
->method('getUID')
->willReturn('User2'); ->willReturn('User2');
$user2->expects($this->any()) $user2->method('isEnabled')
->method('isEnabled') ->willReturn($userEnabled2);
->willReturn(false);
$this->userManager $this->userManager
->method('get') ->method('get')
@ -852,14 +862,7 @@ class LostControllerTest extends \Test\TestCase {
->method('getByEmail') ->method('getByEmail')
->willReturn([$user1, $user2]); ->willReturn([$user1, $user2]);
// request password reset for test@example.com $result = self::invokePrivate($this->lostController, 'findUserByIdOrMail', ['test@example.com']);
$response = $this->lostController->email('test@example.com'); $this->assertInstanceOf(IUser::class, $result);
$expectedResponse = new JSONResponse([
'status' => 'success'
]);
$expectedResponse->throttle();
$this->assertEquals($expectedResponse, $response);
} }
} }