Unverified Commit 6d20876e authored by blizzz's avatar blizzz Committed by GitHub

Merge pull request #16782 from nextcloud/fix/16729/stop-if-encrypted-token-null

Stop if there is no encrypted token
parents dd02920a 9c4c5ee8
...@@ -194,8 +194,12 @@ class LostController extends Controller { ...@@ -194,8 +194,12 @@ class LostController extends Controller {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
} }
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
if ($encryptedToken === null) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
try { try {
$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : ''; $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
} catch (\Exception $e) { } catch (\Exception $e) {
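Review bot: The new `$encryptedToken === null` guard has no comment explaining why it sits ahead of the `try` or why it reuses the message of the invalid-token throw just above it, and that literal now appears twice in the visible lines. I would add `// No reset token is stored for this user: fail before decrypt() and with the same message as any other invalid token, so the response does not show whether a reset is pending.` above the `if`. The point about not revealing state is my reading of the identical messages, so confirm it matches the intent. Routing both throws through one private helper or a shared local string would keep the wording from drifting apart in a later edit. The enclosing method starts before and continues after the hunk, so the rest of the token handling is not visible here.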
......
...@@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase { ...@@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase {
$this->assertSame($expectedResponse, $response); $this->assertSame($expectedResponse, $response);
} }
public function testIsSetPasswordTokenNullFailing() {
$this->config->method('getUserValue')
->with('ValidTokenUser', 'core', 'lostpassword', null)
->willReturn(null);
$this->userManager->method('get')
->with('ValidTokenUser')
->willReturn($this->existingUser);
$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
$expectedResponse = [
'status' => 'error',
'msg' => 'Couldn\'t reset password because the token is invalid'
];
$this->assertSame($expectedResponse, $response);
}
public function testSetPasswordForDisabledUser() { public function testSetPasswordForDisabledUser() {
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$user->expects($this->any()) $user->expects($this->any())
...@@ -712,7 +728,7 @@ class LostControllerTest extends \Test\TestCase { ...@@ -712,7 +728,7 @@ class LostControllerTest extends \Test\TestCase {
->willReturn('encryptedData'); ->willReturn('encryptedData');
$this->userManager->method('get') $this->userManager->method('get')
->with('DisabledUser') ->with('DisabledUser')
->willReturn($this->existingUser); ->willReturn($user);
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true); $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
$expectedResponse = [ $expectedResponse = [
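Review bot: `testIsSetPasswordTokenNullFailing` asserts only the error array, so it does not prove that the new null guard is what stopped the reset. Its stubs use `method()` without an expectation, and the controller raises the same message from at least one other invalid-token path. If the crypto collaborator in this test class is a mock (its setup is outside the hunk), I would add `$this->crypto->expects($this->never())->method('decrypt');` before the `setPassword` call, adjusting the property name to whatever the class uses. The test would then fail if a missing token ever reaches decryption again. `testSetPasswordForDisabledUser` in the second hunk continues past the visible lines.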
......