Merge pull request #22276 from owncloud/harden-updater-auth

Harden updater authentication
This commit is contained in:
Thomas Müller 2016-02-10 17:31:38 +01:00
commit 6b836325cf
3 changed files with 6 additions and 5 deletions

View File

@ -77,8 +77,8 @@ class AdminController extends Controller {
$this->config->setAppValue('core', 'updater.secret.created', $this->timeFactory->getTime());
// Create a new token
$newToken = $this->secureRandom->generate(32);
$this->config->setSystemValue('updater.secret', $newToken);
$newToken = $this->secureRandom->generate(64);
$this->config->setSystemValue('updater.secret', password_hash($newToken, PASSWORD_DEFAULT));
return new DataResponse($newToken);
}

View File

@ -67,7 +67,8 @@ class ResetTokenBackgroundJob extends TimedJob {
* @param $argument
*/
protected function run($argument) {
if($this->timeFactory->getTime() - $this->config->getAppValue('core', 'updater.secret.created', $this->timeFactory->getTime()) >= 86400) {
// Delete old tokens after 2 days
if($this->timeFactory->getTime() - $this->config->getAppValue('core', 'updater.secret.created', $this->timeFactory->getTime()) >= 172800) {
$this->config->deleteSystemValue('updater.secret');
}
}

View File

@ -77,12 +77,12 @@ class AdminControllerTest extends TestCase {
$this->secureRandom
->expects($this->once())
->method('generate')
->with(32)
->with(64)
->willReturn('MyGeneratedToken');
$this->config
->expects($this->once())
->method('setSystemValue')
->with('updater.secret', 'MyGeneratedToken');
->with('updater.secret');
$this->timeFactory
->expects($this->once())
->method('getTime')