Home Explore Help
Register Sign In
RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Files Issues 21 Wiki
Browse Source

Merge pull request #16782 from nextcloud/fix/16729/stop-if-encrypted-token-null

Stop if there is no encrypted token
blizzz 4 years ago
parent
dd02920aed 9c4c5ee818
commit
6d20876eb2
2 changed files with 22 additions and 2 deletions
Split View Show Diff Stats
  1. 5 1
      core/Controller/LostController.php
  2. 17 1
      tests/Core/Controller/LostControllerTest.php

+ 5 - 1
core/Controller/LostController.php
View File 

@@ -194,8 +194,12 @@ class LostController extends Controller {
 
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 
 		}
 
 
+		$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
 
+		if ($encryptedToken === null) {
 
+			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 
+		}
 
+
 
 		try {
 
-			$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
 
 			$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
 
 			$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
 
 		} catch (\Exception $e) {

+ 17 - 1
tests/Core/Controller/LostControllerTest.php
View File 

@@ -699,6 +699,22 @@ class LostControllerTest extends \Test\TestCase {
 
 		$this->assertSame($expectedResponse, $response);
 
 	}
 
 
+	public function testIsSetPasswordTokenNullFailing() {
 
+		$this->config->method('getUserValue')
 
+			->with('ValidTokenUser', 'core', 'lostpassword', null)
 
+			->willReturn(null);
 
+		$this->userManager->method('get')
 
+			->with('ValidTokenUser')
 
+			->willReturn($this->existingUser);
 
+
 
+		$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
 
+		$expectedResponse = [
 
+			'status' => 'error',
 
+			'msg' => 'Couldn\'t reset password because the token is invalid'
 
+		];
 
+		$this->assertSame($expectedResponse, $response);
 
+	}
 
+
 
 	public function testSetPasswordForDisabledUser() {
 
 		$user = $this->createMock(IUser::class);
 
 		$user->expects($this->any())
 
@@ -712,7 +728,7 @@ class LostControllerTest extends \Test\TestCase {
 
 			->willReturn('encryptedData');
 
 		$this->userManager->method('get')
 
 			->with('DisabledUser')
 
-			->willReturn($this->existingUser);
 
+			->willReturn($user);
 
 
 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
 
 		$expectedResponse = [