Skip to content
Snippets Groups Projects
Unverified Commit e5d78a35 authored by Leon Klingele's avatar Leon Klingele
Browse files

Fix CSRF token generation / validation 


Operate on raw bytes instead of base64-encoded strings.
Issue was introduced in a977465a

Signed-off-by: default avatarLeon Klingele <git@leonklingele.de>
parent 42b0a0d2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/private/Security/CSRF/CsrfToken.php
+ 3
3
View file @ e5d78a35
...@@ -51,8 +51,8 @@ class CsrfToken { ...@@ -51,8 +51,8 @@ class CsrfToken {
*/ */
public function getEncryptedValue() { public function getEncryptedValue() {
if($this->encryptedValue === '') { if($this->encryptedValue === '') {
$sharedSecret = base64_encode(random_bytes(strlen($this->value))); $sharedSecret = random_bytes(strlen($this->value));
$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . $sharedSecret; $this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret);
} }
return $this->encryptedValue; return $this->encryptedValue;
...@@ -71,6 +71,6 @@ class CsrfToken { ...@@ -71,6 +71,6 @@ class CsrfToken {
} }
$obfuscatedToken = $token[0]; $obfuscatedToken = $token[0];
$secret = $token[1]; $secret = $token[1];
return base64_decode($obfuscatedToken) ^ $secret; return base64_decode($obfuscatedToken) ^ base64_decode($secret);
} }
} }
tests/lib/Security/CSRF/CsrfTokenManagerTest.php
+ 6
2
View file @ e5d78a35
...@@ -137,15 +137,19 @@ class CsrfTokenManagerTest extends \Test\TestCase { ...@@ -137,15 +137,19 @@ class CsrfTokenManagerTest extends \Test\TestCase {
} }
public function testIsTokenValidWithValidToken() { public function testIsTokenValidWithValidToken() {
$a = 'abc';
$b = 'def';
$xorB64 = 'BQcF';
$tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
$this->storageInterface $this->storageInterface
->expects($this->once()) ->expects($this->once())
->method('hasToken') ->method('hasToken')
->willReturn(true); ->willReturn(true);
$token = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc='); $token = new \OC\Security\CSRF\CsrfToken($tokenVal);
$this->storageInterface $this->storageInterface
->expects($this->once()) ->expects($this->once())
->method('getToken') ->method('getToken')
->willReturn('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF'); ->willReturn($b);
$this->assertSame(true, $this->csrfTokenManager->isTokenValid($token)); $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
} }
......
tests/lib/Security/CSRF/CsrfTokenTest.php
+ 6
2
View file @ e5d78a35
...@@ -36,7 +36,11 @@ class CsrfTokenTest extends \Test\TestCase { ...@@ -36,7 +36,11 @@ class CsrfTokenTest extends \Test\TestCase {
} }
public function testGetDecryptedValue() { public function testGetDecryptedValue() {
$csrfToken = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc='); $a = 'abc';
$this->assertSame('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF', $csrfToken->getDecryptedValue()); $b = 'def';
$xorB64 = 'BQcF';
$tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
$csrfToken = new \OC\Security\CSRF\CsrfToken($tokenVal);
$this->assertSame($b, $csrfToken->getDecryptedValue());
} }
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment