Merge pull request #16782 from nextcloud/fix/16729/stop-if-encrypted-token-null
Stop if there is no encrypted token
This commit is contained in:
commit
6d20876eb2
|
@ -194,8 +194,12 @@ class LostController extends Controller {
|
||||||
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
|
||||||
|
if ($encryptedToken === null) {
|
||||||
|
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
|
|
||||||
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
|
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
|
||||||
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
|
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
|
|
|
@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase {
|
||||||
$this->assertSame($expectedResponse, $response);
|
$this->assertSame($expectedResponse, $response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testIsSetPasswordTokenNullFailing() {
|
||||||
|
$this->config->method('getUserValue')
|
||||||
|
->with('ValidTokenUser', 'core', 'lostpassword', null)
|
||||||
|
->willReturn(null);
|
||||||
|
$this->userManager->method('get')
|
||||||
|
->with('ValidTokenUser')
|
||||||
|
->willReturn($this->existingUser);
|
||||||
|
|
||||||
|
$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
|
||||||
|
$expectedResponse = [
|
||||||
|
'status' => 'error',
|
||||||
|
'msg' => 'Couldn\'t reset password because the token is invalid'
|
||||||
|
];
|
||||||
|
$this->assertSame($expectedResponse, $response);
|
||||||
|
}
|
||||||
|
|
||||||
public function testSetPasswordForDisabledUser() {
|
public function testSetPasswordForDisabledUser() {
|
||||||
$user = $this->createMock(IUser::class);
|
$user = $this->createMock(IUser::class);
|
||||||
$user->expects($this->any())
|
$user->expects($this->any())
|
||||||
|
@ -712,7 +728,7 @@ class LostControllerTest extends \Test\TestCase {
|
||||||
->willReturn('encryptedData');
|
->willReturn('encryptedData');
|
||||||
$this->userManager->method('get')
|
$this->userManager->method('get')
|
||||||
->with('DisabledUser')
|
->with('DisabledUser')
|
||||||
->willReturn($this->existingUser);
|
->willReturn($user);
|
||||||
|
|
||||||
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
|
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
|
||||||
$expectedResponse = [
|
$expectedResponse = [
|
||||||
|
|
Loading…
Reference in New Issue