Merge pull request #15906 from rullzer/fix_15777

Password set via OCS API should not be double escaped
Morris Jobke 2015-04-29 10:44:25 +02:00
commit 7df7a3b360
2 changed files with 47 additions and 1 deletions


@ -1220,7 +1220,7 @@ class Share extends Constants {
$qb->update('`*PREFIX*share`')
->set('`share_with`', ':pass')
->where('`id` = :shareId')
->setParameter(':pass', is_null($password) ? 'NULL' : $qb->expr()->literal(\OC::$server->getHasher()->hash($password)))
->setParameter(':pass', is_null($password) ? 'NULL' : \OC::$server->getHasher()->hash($password))
->setParameter(':shareId', $shareId);
$qb->execute();
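Review bot: The null branch on the new `setParameter(':pass', ...)` line still passes the PHP string `'NULL'`, and because `:pass` is a bound value rather than SQL text, clearing a password would presumably store the four-character string `NULL` in `share_with` instead of SQL NULL. Any reader that treats a non-empty `share_with` as "password set" would then see a value that no password verifies against. Consider `->setParameter(':pass', is_null($password) ? null : \OC::$server->getHasher()->hash($password))`, and confirm how the connection binds a PHP null. The enclosing method starts and ends outside this hunk, so any earlier handling of a null password is not visible here.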


@ -1158,6 +1158,52 @@ class Test_Share extends \Test\TestCase {
\OC\Share\Share::setPassword($userSession, $connection, $config, 1, 'pass');
}
public function testPasswords() {
$pass = 'secret';
$this->shareUserTestFileAsLink();
$userSession = \OC::$server->getUserSession();
$connection = \OC::$server->getDatabaseConnection();
$config = $this->getMockBuilder('\OCP\IConfig')
->disableOriginalConstructor()
->getMock();
// Find the share ID in the db
$qb = $connection->createQueryBuilder();
$qb->select('`id`')
->from('`*PREFIX*share`')
->where('`item_type` = :type')
->andWhere('`item_source` = :source')
->andWhere('`uid_owner` = :owner')
->andWhere('`share_type` = :share_type')
->setParameter('type', 'test')
->setParameter('source', 'test.txt')
->setParameter('owner', $this->user1)
->setParameter('share_type', \OCP\Share::SHARE_TYPE_LINK);
$res = $qb->execute()->fetchAll();
$this->assertCount(1, $res);
$id = $res[0]['id'];
// Set password on share
$res = \OC\Share\Share::setPassword($userSession, $connection, $config, $id, $pass);
$this->assertTrue($res);
// Fetch the hash from the database
$qb = $connection->createQueryBuilder();
$qb->select('`share_with`')
->from('`*PREFIX*share`')
->where('`id` = :id')
->setParameter('id', $id);
$hash = $qb->execute()->fetch()['share_with'];
$hasher = \OC::$server->getHasher();
// Verify hash
$this->assertTrue($hasher->verify($pass, $hash));
}
/**
* Test setting a password when everything is fine
*/
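Review bot: `testPasswords` pins only the positive path: it never checks that a different password fails against the stored hash, and it never calls `setPassword` with `null`, which is the other branch of the bound `:pass` parameter changed in this commit. Adding `$this->assertFalse($hasher->verify('wrong', $hash));` after the final assertion would guard against a stored value that verifies too permissively. A second case that clears the password and asserts the fetched `share_with` is `null` would document the removal behaviour. Whether the mocked `$config` permits removal is not visible here, so that needs checking against the body of `setPassword`.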