Unverified Commit d55f4183 authored by blizzz's avatar blizzz Committed by GitHub

Merge pull request #20505 from nextcloud/fix/noid/system-creds

do not advertise nulled userId for systemwide credentials
parents 8971403a 5437844b
...@@ -53,7 +53,7 @@ class CredentialsManager implements ICredentialsManager { ...@@ -53,7 +53,7 @@ class CredentialsManager implements ICredentialsManager {
/** /**
* Store a set of credentials * Store a set of credentials
* *
* @param string|null $userId Null for system-wide credentials * @param string $userId empty string for system-wide credentials
* @param string $identifier * @param string $identifier
* @param mixed $credentials * @param mixed $credentials
*/ */
...@@ -61,7 +61,7 @@ class CredentialsManager implements ICredentialsManager { ...@@ -61,7 +61,7 @@ class CredentialsManager implements ICredentialsManager {
$value = $this->crypto->encrypt(json_encode($credentials)); $value = $this->crypto->encrypt(json_encode($credentials));
$this->dbConnection->setValues(self::DB_TABLE, [ $this->dbConnection->setValues(self::DB_TABLE, [
'user' => $userId, 'user' => (string)$userId,
'identifier' => $identifier, 'identifier' => $identifier,
], [ ], [
'credentials' => $value, 'credentials' => $value,
...@@ -71,7 +71,7 @@ class CredentialsManager implements ICredentialsManager { ...@@ -71,7 +71,7 @@ class CredentialsManager implements ICredentialsManager {
/** /**
* Retrieve a set of credentials * Retrieve a set of credentials
* *
* @param string|null $userId Null for system-wide credentials * @param string $userId empty string for system-wide credentials
* @param string $identifier * @param string $identifier
* @return mixed * @return mixed
*/ */
...@@ -79,7 +79,7 @@ class CredentialsManager implements ICredentialsManager { ...@@ -79,7 +79,7 @@ class CredentialsManager implements ICredentialsManager {
$qb = $this->dbConnection->getQueryBuilder(); $qb = $this->dbConnection->getQueryBuilder();
$qb->select('credentials') $qb->select('credentials')
->from(self::DB_TABLE) ->from(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter($userId))) ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
; ;
$result = $qb->execute()->fetch(); $result = $qb->execute()->fetch();
...@@ -95,14 +95,14 @@ class CredentialsManager implements ICredentialsManager { ...@@ -95,14 +95,14 @@ class CredentialsManager implements ICredentialsManager {
/** /**
* Delete a set of credentials * Delete a set of credentials
* *
* @param string|null $userId Null for system-wide credentials * @param string $userId empty string for system-wide credentials
* @param string $identifier * @param string $identifier
* @return int rows removed * @return int rows removed
*/ */
public function delete($userId, $identifier) { public function delete($userId, $identifier) {
$qb = $this->dbConnection->getQueryBuilder(); $qb = $this->dbConnection->getQueryBuilder();
$qb->delete(self::DB_TABLE) $qb->delete(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter($userId))) ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
; ;
return $qb->execute(); return $qb->execute();
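Review bot: The `(string)$userId` casts in store(), retrieve() and delete() make `null` (and `false`) resolve to the same `user = ''` row as system-wide credentials, while the docblocks here and in ICredentialsManager now advertise only `string`. The visible `delete($userId, $identifier)` signature is still untyped, so any caller that passes an unresolved user id, such as a lookup result that is null, silently reads, overwrites or deletes the system-wide entry instead of failing. If null is kept only for backwards compatibility, say so in the docblock, e.g. `@param string $userId empty string for system-wide credentials (null is still accepted and treated as '')`, or reject non-string values before building the query. The bodies of store() and retrieve() start outside the visible hunks.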
......
...@@ -33,7 +33,7 @@ interface ICredentialsManager { ...@@ -33,7 +33,7 @@ interface ICredentialsManager {
/** /**
* Store a set of credentials * Store a set of credentials
* *
* @param string|null $userId Null for system-wide credentials * @param string $userId empty string for system-wide credentials
* @param string $identifier * @param string $identifier
* @param mixed $credentials * @param mixed $credentials
* @since 8.2.0 * @since 8.2.0
...@@ -43,7 +43,7 @@ interface ICredentialsManager { ...@@ -43,7 +43,7 @@ interface ICredentialsManager {
/** /**
* Retrieve a set of credentials * Retrieve a set of credentials
* *
* @param string|null $userId Null for system-wide credentials * @param string $userId empty string for system-wide credentials
* @param string $identifier * @param string $identifier
* @return mixed * @return mixed
* @since 8.2.0 * @since 8.2.0
...@@ -53,7 +53,7 @@ interface ICredentialsManager { ...@@ -53,7 +53,7 @@ interface ICredentialsManager {
/** /**
* Delete a set of credentials * Delete a set of credentials
* *
* @param string|null $userId Null for system-wide credentials * @param string $userId empty string for system-wide credentials
* @param string $identifier * @param string $identifier
* @return int rows removed * @return int rows removed
* @since 8.2.0 * @since 8.2.0
......
...@@ -27,6 +27,9 @@ use OCP\IDBConnection; ...@@ -27,6 +27,9 @@ use OCP\IDBConnection;
use OCP\ILogger; use OCP\ILogger;
use OCP\Security\ICrypto; use OCP\Security\ICrypto;
/**
* @group DB
*/
class CredentialsManagerTest extends \Test\TestCase { class CredentialsManagerTest extends \Test\TestCase {
/** @var ICrypto */ /** @var ICrypto */
...@@ -106,4 +109,34 @@ class CredentialsManagerTest extends \Test\TestCase { ...@@ -106,4 +109,34 @@ class CredentialsManagerTest extends \Test\TestCase {
$this->manager->retrieve($userId, $identifier); $this->manager->retrieve($userId, $identifier);
} }
/**
* @dataProvider credentialsProvider
*/
public function testWithDB($userId, $identifier) {
$credentialsManager = \OC::$server->getCredentialsManager();
$secrets = 'Open Sesame';
$credentialsManager->store($userId, $identifier, $secrets);
$received = $credentialsManager->retrieve($userId, $identifier);
$this->assertSame($secrets, $received);
$removedRows = $credentialsManager->delete($userId, $identifier);
$this->assertSame(1, $removedRows);
}
public function credentialsProvider() {
return [
[
'alice',
'privateCredentials'
],
[
'',
'systemCredentials',
],
];
}
} }
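Review bot: The `credentialsProvider` data set covers `'alice'` and `''` but not `null`, which is presumably the legacy value the `(string)` cast in CredentialsManager is there to keep working, so that compatibility path has no DB-backed test. Adding a case such as `[null, 'systemCredentials'],` would pin it. testWithDB also stores a row through the real credentials manager and deletes it only as its last step, so a failing `assertSame` leaves the `'Open Sesame'` row behind for later tests. Moving the `delete()` call into a `finally` block or into tearDown would avoid that.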