Merge pull request #25224 from nextcloud/bugfix/24600/fix-saving-user-credentials

Update handling of user credentials
This commit is contained in:
Morris Jobke 2021-01-20 14:59:30 +01:00 committed by GitHub
commit 6129a85187
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 4 deletions

View File

@ -79,6 +79,11 @@ class LoginCredentials extends AuthMechanism {
try {
$sessionCredentials = $this->credentialsStore->getLoginCredentials();
if ($sessionCredentials->getUID() !== $user->getUID()) {
// Can't take the credentials from the session as they are not the same user
throw new CredentialsUnavailableException();
}
$credentials = [
'user' => $sessionCredentials->getLoginName(),
'password' => $sessionCredentials->getPassword()

View File

@ -51,10 +51,14 @@ class StorePasswordListener implements IEventListener {
}
$stored = $this->credentialsManager->retrieve($event->getUser()->getUID(), LoginCredentials::CREDENTIALS_IDENTIFIER);
$update = isset($stored['password']) && $stored['password'] !== $event->getPassword();
if (!$update && $event instanceof UserLoggedInEvent) {
$update = isset($stored['user']) && $stored['user'] !== $event->getLoginName();
}
if ($stored && $stored['password'] !== $event->getPassword()) {
if ($stored && $update) {
$credentials = [
'user' => $stored['user'],
'user' => $event->getLoginName(),
'password' => $event->getPassword()
];

View File

@ -575,7 +575,7 @@ class Server extends ServerContainer implements IServerContainer {
/** @var IEventDispatcher $dispatcher */
$dispatcher = $this->get(IEventDispatcher::class);
$dispatcher->dispatchTyped(new UserLoggedInEvent($user, $password, $isTokenLogin));
$dispatcher->dispatchTyped(new UserLoggedInEvent($user, $loginName, $password, $isTokenLogin));
});
$userSession->listen('\OC\User', 'preRememberedLogin', function ($uid) {
/** @var IEventDispatcher $dispatcher */

View File

@ -43,14 +43,18 @@ class UserLoggedInEvent extends Event {
/** @var bool */
private $isTokenLogin;
/** @var string */
private $loginName;
/**
* @since 18.0.0
*/
public function __construct(IUser $user, string $password, bool $isTokenLogin) {
public function __construct(IUser $user, string $loginName, string $password, bool $isTokenLogin) {
parent::__construct();
$this->user = $user;
$this->password = $password;
$this->isTokenLogin = $isTokenLogin;
$this->loginName = $loginName;
}
/**
@ -60,6 +64,13 @@ class UserLoggedInEvent extends Event {
return $this->user;
}
/**
* @since 21.0.0
*/
public function getLoginName(): string {
return $this->loginName;
}
/**
* @since 18.0.0
*/