mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #16782 from nextcloud/fix/16729/stop-if-encrypted-token-null 

Stop if there is no encrypted token
This commit is contained in:
blizzz 2019-08-21 12:31:12 +02:00 committed by GitHub
parent dd02920aed 9c4c5ee818
commit 6d20876eb2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/Controller/LostController.php
View File

@ -194,8 +194,12 @@ class LostController extends Controller {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
if ($encryptedToken === null) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
try {
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
} catch (\Exception $e) {

18
tests/Core/Controller/LostControllerTest.php
View File

@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase {
$this->assertSame($expectedResponse, $response);
}
public function testIsSetPasswordTokenNullFailing() {
$this->config->method('getUserValue')
->with('ValidTokenUser', 'core', 'lostpassword', null)
->willReturn(null);
$this->userManager->method('get')
->with('ValidTokenUser')
->willReturn($this->existingUser);
$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
$expectedResponse = [
'status' => 'error',
'msg' => 'Couldn\'t reset password because the token is invalid'
];
$this->assertSame($expectedResponse, $response);
}
public function testSetPasswordForDisabledUser() {
$user = $this->createMock(IUser::class);
$user->expects($this->any())
@ -712,7 +728,7 @@ class LostControllerTest extends \Test\TestCase {
->willReturn('encryptedData');
$this->userManager->method('get')
->with('DisabledUser')
->willReturn($this->existingUser);
->willReturn($user);
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
$expectedResponse = [