Merge pull request #17648 from nextcloud/backport/16782/stable16

[stable16] Stop if there is no encrypted token
Roeland Jago Douma 2019-10-23 08:36:20 +02:00 committed by GitHub
commit cbc82a9449
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 2 deletions


@ -186,8 +186,12 @@ class LostController extends Controller {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
try {
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
if ($encryptedToken === null) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
try {
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
} catch (\Exception $e) {
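Review bot: The new early exit at `if ($encryptedToken === null)` has no comment saying why it must run before `decrypt()`, which is the security point of this change. I would add above it `// No reset was requested for this user: fail before decrypt() so a missing token is never processed further`. The check is strict on null only; whether an empty stored value can occur is not visible here, and if it can, `if ($encryptedToken === null || $encryptedToken === '')` would cover it. The enclosing method starts and ends outside the hunk, so how the decrypted value is compared with the submitted token cannot be judged from these lines.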


@ -687,6 +687,22 @@ class LostControllerTest extends \Test\TestCase {
$this->assertSame($expectedResponse, $response);
}
public function testIsSetPasswordTokenNullFailing() {
$this->config->method('getUserValue')
->with('ValidTokenUser', 'core', 'lostpassword', null)
->willReturn(null);
$this->userManager->method('get')
->with('ValidTokenUser')
->willReturn($this->existingUser);
$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
$expectedResponse = [
'status' => 'error',
'msg' => 'Couldn\'t reset password because the token is invalid'
];
$this->assertSame($expectedResponse, $response);
}
public function testSetPasswordForDisabledUser() {
$user = $this->createMock(IUser::class);
$user->expects($this->any())
@ -700,7 +716,7 @@ class LostControllerTest extends \Test\TestCase {
->willReturn('encryptedData');
$this->userManager->method('get')
->with('DisabledUser')
->willReturn($this->existingUser);
->willReturn($user);
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
$expectedResponse = [
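Review bot: testIsSetPasswordTokenNullFailing asserts only the error response, and that message is the same generic string the controller throws for its other invalid-token failures, so the test may still pass if the new null check were removed again. To pin the property the fix is about, assert that decryption is never attempted, e.g. `$this->crypto->expects($this->never())->method('decrypt');` before the `setPassword` call. This assumes the test class holds the crypto mock as `$this->crypto`, which is not visible in this section. A second case with a non-empty submitted token and a null stored value would also show that the outcome does not depend on the caller sending `''`.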