Unverified Commit 9bb07d3f authored by Roeland Jago Douma's avatar Roeland Jago Douma Committed by GitHub

Merge pull request #21106 from nextcloud/fix/10809/user-pwd-change-loginname

use the loginname to verify the old password in user password changes
parents 69e2aa02 653162a7
...@@ -89,8 +89,9 @@ class ChangePasswordController extends Controller { ...@@ -89,8 +89,9 @@ class ChangePasswordController extends Controller {
* @BruteForceProtection(action=changePersonalPassword) * @BruteForceProtection(action=changePersonalPassword)
*/ */
public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse {
$loginName = $this->userSession->getLoginName();
/** @var IUser $user */ /** @var IUser $user */
$user = $this->userManager->checkPassword($this->userId, $oldpassword); $user = $this->userManager->checkPassword($loginName, $oldpassword);
if ($user === false) { if ($user === false) {
$response = new JSONResponse([ $response = new JSONResponse([
'status' => 'error', 'status' => 'error',
......
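Review bot: The user object returned by `checkPassword($loginName, $oldpassword)` is never compared with `$this->userId` in the visible lines, so the account whose password is later changed is whichever one the login name resolves to, not provably the session user. Extending the guard to `if ($user === false || $user->getUID() !== $this->userId) {` would keep the old-password check bound to the authenticated account. `getLoginName()` may also return null for sessions that carry no login name (inferred; its implementation is not shown here), in which case every attempt would fail and, given the `@BruteForceProtection` annotation, presumably count as a wrong password; a fallback such as `$loginName = $this->userSession->getLoginName() ?? $this->userId;` is worth considering. The body of changePersonalPassword continues past the visible lines.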
...@@ -36,6 +36,8 @@ use OCP\IUserManager; ...@@ -36,6 +36,8 @@ use OCP\IUserManager;
class ChangePasswordControllerTest extends \Test\TestCase { class ChangePasswordControllerTest extends \Test\TestCase {
/** @var string */ /** @var string */
private $userId = 'currentUser'; private $userId = 'currentUser';
/** @var string */
private $loginName = 'ua1337';
/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */ /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
private $userManager; private $userManager;
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
...@@ -75,9 +77,13 @@ class ChangePasswordControllerTest extends \Test\TestCase { ...@@ -75,9 +77,13 @@ class ChangePasswordControllerTest extends \Test\TestCase {
} }
public function testChangePersonalPasswordWrongPassword() { public function testChangePersonalPasswordWrongPassword() {
$this->userSession->expects($this->once())
->method('getLoginName')
->willReturn($this->loginName);
$this->userManager->expects($this->once()) $this->userManager->expects($this->once())
->method('checkPassword') ->method('checkPassword')
->with($this->userId, 'old') ->with($this->loginName, 'old')
->willReturn(false); ->willReturn(false);
$expects = new JSONResponse([ $expects = new JSONResponse([
...@@ -93,10 +99,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { ...@@ -93,10 +99,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
} }
public function testChangePersonalPasswordCommonPassword() { public function testChangePersonalPasswordCommonPassword() {
$this->userSession->expects($this->once())
->method('getLoginName')
->willReturn($this->loginName);
$user = $this->getMockBuilder(IUser::class)->getMock(); $user = $this->getMockBuilder(IUser::class)->getMock();
$this->userManager->expects($this->once()) $this->userManager->expects($this->once())
->method('checkPassword') ->method('checkPassword')
->with($this->userId, 'old') ->with($this->loginName, 'old')
->willReturn($user); ->willReturn($user);
$user->expects($this->once()) $user->expects($this->once())
...@@ -116,10 +126,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { ...@@ -116,10 +126,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
} }
public function testChangePersonalPasswordNoNewPassword() { public function testChangePersonalPasswordNoNewPassword() {
$this->userSession->expects($this->once())
->method('getLoginName')
->willReturn($this->loginName);
$user = $this->getMockBuilder(IUser::class)->getMock(); $user = $this->getMockBuilder(IUser::class)->getMock();
$this->userManager->expects($this->once()) $this->userManager->expects($this->once())
->method('checkPassword') ->method('checkPassword')
->with($this->userId, 'old') ->with($this->loginName, 'old')
->willReturn($user); ->willReturn($user);
$expects = [ $expects = [
...@@ -132,10 +146,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { ...@@ -132,10 +146,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
} }
public function testChangePersonalPasswordCantSetPassword() { public function testChangePersonalPasswordCantSetPassword() {
$this->userSession->expects($this->once())
->method('getLoginName')
->willReturn($this->loginName);
$user = $this->getMockBuilder(IUser::class)->getMock(); $user = $this->getMockBuilder(IUser::class)->getMock();
$this->userManager->expects($this->once()) $this->userManager->expects($this->once())
->method('checkPassword') ->method('checkPassword')
->with($this->userId, 'old') ->with($this->loginName, 'old')
->willReturn($user); ->willReturn($user);
$user->expects($this->once()) $user->expects($this->once())
...@@ -152,10 +170,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { ...@@ -152,10 +170,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
} }
public function testChangePersonalPassword() { public function testChangePersonalPassword() {
$this->userSession->expects($this->once())
->method('getLoginName')
->willReturn($this->loginName);
$user = $this->getMockBuilder(IUser::class)->getMock(); $user = $this->getMockBuilder(IUser::class)->getMock();
$this->userManager->expects($this->once()) $this->userManager->expects($this->once())
->method('checkPassword') ->method('checkPassword')
->with($this->userId, 'old') ->with($this->loginName, 'old')
->willReturn($user); ->willReturn($user);
$user->expects($this->once()) $user->expects($this->once())
......
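Review bot: None of the five updated tests covers `getLoginName()` returning null, or `checkPassword` returning a user other than the session user, which are the two new ways the controller path can misbehave after this change. A case that stubs `->method('getLoginName')->willReturn(null)` and asserts the error response would pin that behaviour down. The `getLoginName` expectation is also copied verbatim into each test; a small private helper in the test class would keep the copies in sync. The test bodies continue outside the visible hunks.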