Merge pull request #15906 from rullzer/fix_15777
Password set via OCS API should not be double escaped
This commit is contained in:
commit
7df7a3b360
|
@ -1220,7 +1220,7 @@ class Share extends Constants {
|
|||
$qb->update('`*PREFIX*share`')
|
||||
->set('`share_with`', ':pass')
|
||||
->where('`id` = :shareId')
|
||||
->setParameter(':pass', is_null($password) ? 'NULL' : $qb->expr()->literal(\OC::$server->getHasher()->hash($password)))
|
||||
->setParameter(':pass', is_null($password) ? 'NULL' : \OC::$server->getHasher()->hash($password))
|
||||
->setParameter(':shareId', $shareId);
|
||||
|
||||
$qb->execute();
|
||||
|
|
|
@ -1158,6 +1158,52 @@ class Test_Share extends \Test\TestCase {
|
|||
\OC\Share\Share::setPassword($userSession, $connection, $config, 1, 'pass');
|
||||
}
|
||||
|
||||
public function testPasswords() {
|
||||
$pass = 'secret';
|
||||
|
||||
$this->shareUserTestFileAsLink();
|
||||
|
||||
$userSession = \OC::$server->getUserSession();
|
||||
$connection = \OC::$server->getDatabaseConnection();
|
||||
$config = $this->getMockBuilder('\OCP\IConfig')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
|
||||
// Find the share ID in the db
|
||||
$qb = $connection->createQueryBuilder();
|
||||
$qb->select('`id`')
|
||||
->from('`*PREFIX*share`')
|
||||
->where('`item_type` = :type')
|
||||
->andWhere('`item_source` = :source')
|
||||
->andWhere('`uid_owner` = :owner')
|
||||
->andWhere('`share_type` = :share_type')
|
||||
->setParameter('type', 'test')
|
||||
->setParameter('source', 'test.txt')
|
||||
->setParameter('owner', $this->user1)
|
||||
->setParameter('share_type', \OCP\Share::SHARE_TYPE_LINK);
|
||||
|
||||
$res = $qb->execute()->fetchAll();
|
||||
$this->assertCount(1, $res);
|
||||
$id = $res[0]['id'];
|
||||
|
||||
// Set password on share
|
||||
$res = \OC\Share\Share::setPassword($userSession, $connection, $config, $id, $pass);
|
||||
$this->assertTrue($res);
|
||||
|
||||
// Fetch the hash from the database
|
||||
$qb = $connection->createQueryBuilder();
|
||||
$qb->select('`share_with`')
|
||||
->from('`*PREFIX*share`')
|
||||
->where('`id` = :id')
|
||||
->setParameter('id', $id);
|
||||
$hash = $qb->execute()->fetch()['share_with'];
|
||||
|
||||
$hasher = \OC::$server->getHasher();
|
||||
|
||||
// Verify hash
|
||||
$this->assertTrue($hasher->verify($pass, $hash));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test setting a password when everything is fine
|
||||
*/
|
||||
|
|
Loading…
Reference in New Issue