From e32b2c4b762a126b504b863c258caa2d4b72213f Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg
Date: Sun, 18 Aug 2019 19:58:50 +0200
Subject: [PATCH 1/3] Stop if there is no encrypted token Fix Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given
Signed-off-by: Daniel Kesselberg
---
 core/Controller/LostController.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index dcdafaa408..49f015d511 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -194,8 +194,12 @@ class LostController extends Controller {
 throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 }
 
+ $encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
+ if ($encryptedToken === null) {
+ throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+ }
+
 try {
- $encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
 $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
 $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
 } catch (\Exception $e) {
From 7f7c6e49b6df1e1131fb79abc936cce402150618 Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg
Date: Sun, 18 Aug 2019 23:18:39 +0200
Subject: [PATCH 2/3] Return the disabled user mock instead of the existing
Signed-off-by: Daniel Kesselberg
---
 tests/Core/Controller/LostControllerTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index b7ab99e991..6012341c95 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
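Review bot: The new guard before the `try` in `core/Controller/LostController.php` has no comment saying why it reuses the invalid-token message, and that choice is security-relevant: a user with no pending reset and a user with a wrong token get the same error, so the reply does not reveal whether a reset was ever requested. I would add `// No stored reset token: fail exactly like a bad token so the reply does not reveal whether a reset is pending` above the `if`. The check is strict on `null` only, so an empty stored value still reaches `decrypt()` and relies on the `catch (\Exception $e)` that follows, whose body is outside the hunk. The enclosing method starts and ends outside the hunk.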
@@ -712,7 +712,7 @@ class LostControllerTest extends \Test\TestCase {
 ->willReturn('encryptedData');
 $this->userManager->method('get')
 ->with('DisabledUser')
- ->willReturn($this->existingUser);
+ ->willReturn($user);
 
 $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
 $expectedResponse = [
From 9c4c5ee8187f169d4d915b9bc84988cca2f6619d Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg
Date: Sun, 18 Aug 2019 23:27:03 +0200
Subject: [PATCH 3/3] Add test case for existing user with token null
Signed-off-by: Daniel Kesselberg
---
 tests/Core/Controller/LostControllerTest.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index 6012341c95..60b96a3908 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase {
 $this->assertSame($expectedResponse, $response);
 }
 
+ public function testIsSetPasswordTokenNullFailing() {
+ $this->config->method('getUserValue')
+ ->with('ValidTokenUser', 'core', 'lostpassword', null)
+ ->willReturn(null);
+ $this->userManager->method('get')
+ ->with('ValidTokenUser')
+ ->willReturn($this->existingUser);
+
+ $response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
+ $expectedResponse = [
+ 'status' => 'error',
+ 'msg' => 'Couldn\'t reset password because the token is invalid'
+ ];
+ $this->assertSame($expectedResponse, $response);
+ }
+
+ public function testSetPasswordForDisabledUser() {
 $user = $this->createMock(IUser::class);
 $user->expects($this->any())
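Review bot: `testIsSetPasswordTokenNullFailing` submits an empty string as the token and asserts only the response array, so it does not pin that the controller stops before any decryption when no token is stored. Passing a non-empty token, as the disabled-user test does, would show that a well-formed request is rejected for a user with no pending reset. Adding `$this->crypto->expects($this->never())->method('decrypt');` would then fail the test if the guard were ever moved back inside the `try`; this assumes the test class holds the crypto mock under that name, which the hunk does not show.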