Merge pull request #16325 from nextcloud/backport/16308/stable16

[stable16] Prevent undefined offset 0 in findByUserIdOrMail
This commit is contained in:
Roeland Jago Douma 2019-07-10 15:27:12 +02:00 committed by GitHub
commit 73e1fef0a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 27 deletions

View File

@ -50,6 +50,9 @@ use OCP\IUserManager;
use OCP\Mail\IMailer;
use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom;
use function array_filter;
use function count;
use function reset;
/**
* Class LostController
@ -389,12 +392,12 @@ class LostController extends Controller {
return $user;
}
$users = \array_filter($this->userManager->getByEmail($input), function (IUser $user) {
$users = array_filter($this->userManager->getByEmail($input), function (IUser $user) {
return $user->isEnabled();
});
if (\count($users) === 1) {
return $users[0];
if (count($users) === 1) {
return reset($users);
}
throw $userNotFound;

View File

@ -821,28 +821,38 @@ class LostControllerTest extends \Test\TestCase {
$this->assertEquals($expectedResponse, $response);
}
public function testTwoUsersWithSameEmailOneDisabled() {
/**
* @return array
*/
public function dataTwoUserswithSameEmailOneDisabled(): array {
return [
['user1' => true, 'user2' => false],
['user1' => false, 'user2' => true]
];
}
/**
* @dataProvider dataTwoUserswithSameEmailOneDisabled
* @param bool $userEnabled1
* @param bool $userEnabled2
*/
public function testTwoUsersWithSameEmailOneDisabled(bool $userEnabled1, bool $userEnabled2): void {
$user1 = $this->createMock(IUser::class);
$user1->expects($this->any())
->method('getEMailAddress')
$user1->method('getEMailAddress')
->willReturn('test@example.com');
$user1->expects($this->any())
->method('getUID')
$user1->method('getUID')
->willReturn('User1');
$user1->expects($this->any())
->method('isEnabled')
->willReturn(true);
$user1->method('isEnabled')
->willReturn($userEnabled1);
$user2 = $this->createMock(IUser::class);
$user2->expects($this->any())
->method('getEMailAddress')
$user2->method('getEMailAddress')
->willReturn('test@example.com');
$user2->expects($this->any())
->method('getUID')
$user2->method('getUID')
->willReturn('User2');
$user2->expects($this->any())
->method('isEnabled')
->willReturn(false);
$user2->method('isEnabled')
->willReturn($userEnabled2);
$this->userManager
->method('get')
@ -852,14 +862,7 @@ class LostControllerTest extends \Test\TestCase {
->method('getByEmail')
->willReturn([$user1, $user2]);
// request password reset for test@example.com
$response = $this->lostController->email('test@example.com');
$expectedResponse = new JSONResponse([
'status' => 'success'
]);
$expectedResponse->throttle();
$this->assertEquals($expectedResponse, $response);
$result = self::invokePrivate($this->lostController, 'findUserByIdOrMail', ['test@example.com']);
$this->assertInstanceOf(IUser::class, $result);
}
}