Merge pull request #17648 from nextcloud/backport/16782/stable16
[stable16] Stop if there is no encrypted token
This commit is contained in:
commit
cbc82a9449
|
@ -186,8 +186,12 @@ class LostController extends Controller {
|
|||
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
||||
}
|
||||
|
||||
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
|
||||
if ($encryptedToken === null) {
|
||||
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
||||
}
|
||||
|
||||
try {
|
||||
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
|
||||
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
|
||||
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
|
||||
} catch (\Exception $e) {
|
||||
|
|
|
@ -687,6 +687,22 @@ class LostControllerTest extends \Test\TestCase {
|
|||
$this->assertSame($expectedResponse, $response);
|
||||
}
|
||||
|
||||
public function testIsSetPasswordTokenNullFailing() {
|
||||
$this->config->method('getUserValue')
|
||||
->with('ValidTokenUser', 'core', 'lostpassword', null)
|
||||
->willReturn(null);
|
||||
$this->userManager->method('get')
|
||||
->with('ValidTokenUser')
|
||||
->willReturn($this->existingUser);
|
||||
|
||||
$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
|
||||
$expectedResponse = [
|
||||
'status' => 'error',
|
||||
'msg' => 'Couldn\'t reset password because the token is invalid'
|
||||
];
|
||||
$this->assertSame($expectedResponse, $response);
|
||||
}
|
||||
|
||||
public function testSetPasswordForDisabledUser() {
|
||||
$user = $this->createMock(IUser::class);
|
||||
$user->expects($this->any())
|
||||
|
@ -700,7 +716,7 @@ class LostControllerTest extends \Test\TestCase {
|
|||
->willReturn('encryptedData');
|
||||
$this->userManager->method('get')
|
||||
->with('DisabledUser')
|
||||
->willReturn($this->existingUser);
|
||||
->willReturn($user);
|
||||
|
||||
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
|
||||
$expectedResponse = [
|
||||
|
|
Loading…
Reference in New Issue