Merge pull request #2563 from nextcloud/fix-password-reset

fix password reset if encryption is enabled
Morris Jobke 2016-12-22 11:18:04 +01:00 committed by GitHub
commit 998f235474
2 changed files with 46 additions and 1 deletions


@ -30,6 +30,7 @@
namespace OC\Core\Controller;
use OCA\Encryption\Exceptions\PrivateKeyMissingException;
use \OCP\AppFramework\Controller;
use \OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory;
@ -154,7 +155,7 @@ class LostController extends Controller {
* @param string $userId
* @throws \Exception
*/
private function checkPasswordResetToken($token, $userId) {
protected function checkPasswordResetToken($token, $userId) {
$user = $this->userManager->get($userId);
if($user === null) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
@ -241,6 +242,11 @@ class LostController extends Controller {
$this->config->deleteUserValue($userId, 'core', 'lostpassword');
@\OC_User::unsetMagicInCookie();
} catch (PrivateKeyMissingException $e) {
// in this case it is OK if we couldn't reset the users private key
// They chose explicitely to continue at the password reset dialog
// (see $proceed flag)
return $this->success();
} catch (\Exception $e){
return $this->error($e->getMessage());
}
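Review bot: The new `catch (PrivateKeyMissingException $e)` branch returns `$this->success()` without running the cleanup lines shown just above it, so if the exception is raised before `$this->config->deleteUserValue($userId, 'core', 'lostpassword');` executes, the reset token appears to stay stored after a reset that is reported as successful. The start of the `try` block is outside the hunk, so where the exception originates is inferred (the accompanying test throws it from `setPassword`). Consider invalidating the token in this branch as well, for example by repeating `$this->config->deleteUserValue($userId, 'core', 'lostpassword');` before `return $this->success();`. The comment points at the `$proceed` flag, but this branch does not check it; if that is enforced earlier in the method, the comment should say so.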


@ -23,6 +23,7 @@ namespace Tests\Core\Controller;
use OC\Core\Controller\LostController;
use OC\Mail\Message;
use OCA\Encryption\Exceptions\PrivateKeyMissingException;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Encryption\IManager;
@ -590,4 +591,42 @@ class LostControllerTest extends \Test\TestCase {
$this->assertSame($expectedResponse, $response);
}
public function testSetPasswordEncryptionProceed() {
/** @var LostController | PHPUnit_Framework_MockObject_MockObject $lostController */
$lostController = $this->getMockBuilder(LostController::class)
->setConstructorArgs(
[
'Core',
$this->request,
$this->urlGenerator,
$this->userManager,
$this->defaults,
$this->l10n,
$this->config,
$this->secureRandom,
'lostpassword-noreply@localhost',
$this->encryptionManager,
$this->mailer,
$this->timeFactory,
$this->crypto
]
)->setMethods(['checkPasswordResetToken'])->getMock();
$lostController->expects($this->once())->method('checkPasswordResetToken')->willReturn(true);
$user = $this->createMock(IUser::class);
$user->method('setPassword')->willReturnCallback(
function() {
throw new PrivateKeyMissingException('user');
}
);
$this->userManager->method('get')->with('user')->willReturn($user);
$response = $lostController->setPassword('myToken', 'user', 'newpass', true);
$expectedResponse = ['status' => 'success'];
$this->assertSame($expectedResponse, $response);
}
}
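Review bot: `testSetPasswordEncryptionProceed` asserts only the `['status' => 'success']` response, so it does not pin what happens to the stored reset token when `setPassword` throws `PrivateKeyMissingException`. An expectation such as `$this->config->expects($this->once())->method('deleteUserValue')->with('user', 'core', 'lostpassword');` would document whether the token is invalidated on this path. Because `checkPasswordResetToken` is mocked out, token validation is not exercised here. A companion case passing `false` as the last argument would cover the non-proceed path.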