Unverified Commit b805908d authored by Christoph Wurst's avatar Christoph Wurst

update session token password on user password change

parent 0e575c7e
......@@ -150,6 +150,23 @@ class DefaultTokenProvider implements IProvider {
return $this->decryptPassword($password, $tokenId);
}
/**
* Encrypt and set the password of the given token
*
* @param IToken $token
* @param string $tokenId
* @param string $password
* @throws InvalidTokenException
*/
public function setPassword(IToken $token, $tokenId, $password) {
if (!($token instanceof DefaultToken)) {
throw new InvalidTokenException();
}
/** @var DefaultToken $token */
$token->setPassword($this->encryptPassword($password, $tokenId));
$this->mapper->update($token);
}
/**
* Invalidate (delete) the given session token
*
......
......@@ -99,4 +99,14 @@ interface IProvider {
* @return string
*/
public function getPassword(IToken $token, $tokenId);
/**
* Encrypt and set the password of the given token
*
* @param IToken $token
* @param string $tokenId
* @param string $password
* @throws InvalidTokenException
*/
public function setPassword(IToken $token, $tokenId, $password);
}
......@@ -676,4 +676,21 @@ class Session implements IUserSession, Emitter {
setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
}
/**
* Update password of the browser session token if there is one
*
* @param string $password
*/
public function updateSessionTokenPassword($password) {
try {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->getToken($sessionId);
$this->tokenProvider->setPassword($token, $sessionId, $password);
} catch (SessionNotAvailableException $ex) {
// Nothing to do
} catch (InvalidTokenException $ex) {
// Nothing to do
}
}
}
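Review bot: The docblock on `updateSessionTokenPassword` should state the scope of the change: only the token looked up by the current session id is re-encrypted, so any other tokens the same user holds keep the password that was stored when they were created; suggested wording: `Update the password of the current browser session token only; other tokens of this user are not touched.` The two empty catch blocks read as a deliberate best-effort, but `// Nothing to do` would be clearer as `// No session, or no token for this session: nothing to update`. Whether `getToken` can throw anything other than `InvalidTokenException` is not visible in this hunk and is worth confirming, since any other exception would propagate out of a password change.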
......@@ -46,6 +46,7 @@ class Controller {
exit();
}
if (!is_null($password) && \OC_User::setPassword($username, $password)) {
\OC::$server->getUserSession()->updateSessionTokenPassword($username, $password);
\OC_JSON::success();
} else {
\OC_JSON::error();
......
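Review bot: The added call passes two arguments, `updateSessionTokenPassword($username, $password)`, but the method this commit adds to `Session` is declared `updateSessionTokenPassword($password)`; PHP silently discards the surplus argument, so the session token is re-keyed with `$username` rather than the new password and the credential stored on the token no longer matches the account. The line should read `\OC::$server->getUserSession()->updateSessionTokenPassword($password);`; the new `SessionTest::testUpdateSessionTokenPassword` calls the method directly with one argument and therefore does not catch this. If this controller can also be reached when an administrator changes another user's password, the update should additionally be conditioned on `$username` being the currently logged-in user, otherwise the administrator's own session token would be overwritten with the other account's password; that depends on callers outside the hunk. The enclosing function starts and ends outside the hunk.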
......@@ -175,6 +175,39 @@ class DefaultTokenProviderTest extends TestCase {
$tokenProvider->getPassword($tk, $token);
}
public function testSetPassword() {
$token = new DefaultToken();
$tokenId = 'token123';
$password = '123456';
$this->config->expects($this->once())
->method('getSystemValue')
->with('secret')
->will($this->returnValue('ocsecret'));
$this->crypto->expects($this->once())
->method('encrypt')
->with($password, $tokenId . 'ocsecret')
->will($this->returnValue('encryptedpassword'));
$this->mapper->expects($this->once())
->method('update')
->with($token);
$this->tokenProvider->setPassword($token, $tokenId, $password);
$this->assertEquals('encryptedpassword', $token->getPassword());
}
/**
* @expectedException \OC\Authentication\Exceptions\InvalidTokenException
*/
public function testSetPasswordInvalidToken() {
$token = $this->getMock('\OC\Authentication\Token\IToken');
$tokenId = 'token123';
$password = '123456';
$this->tokenProvider->setPassword($token, $tokenId, $password);
}
public function testInvalidateToken() {
$this->mapper->expects($this->once())
->method('invalidate')
......
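Review bot: `testSetPasswordInvalidToken` only checks that the exception is thrown; it does not pin that nothing was encrypted or persisted before the throw, which is the property that matters when a token of a foreign type is passed in. Adding `$this->mapper->expects($this->never())->method('update');` and `$this->crypto->expects($this->never())->method('encrypt');` before the call makes the test fail if the instanceof guard is ever moved below the update. The test class continues outside the hunk.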
......@@ -818,4 +818,69 @@ class SessionTest extends \Test\TestCase {
$this->invokePrivate($userSession, 'validateSession', [$user]);
}
public function testUpdateSessionTokenPassword() {
$userManager = $this->getMock('\OCP\IUserManager');
$session = $this->getMock('\OCP\ISession');
$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config);
$password = '123456';
$sessionId ='session1234';
$token = new \OC\Authentication\Token\DefaultToken();
$session->expects($this->once())
->method('getId')
->will($this->returnValue($sessionId));
$tokenProvider->expects($this->once())
->method('getToken')
->with($sessionId)
->will($this->returnValue($token));
$tokenProvider->expects($this->once())
->method('setPassword')
->with($token, $sessionId, $password);
$userSession->updateSessionTokenPassword($password);
}
public function testUpdateSessionTokenPasswordNoSessionAvailable() {
$userManager = $this->getMock('\OCP\IUserManager');
$session = $this->getMock('\OCP\ISession');
$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config);
$session->expects($this->once())
->method('getId')
->will($this->throwException(new \OCP\Session\Exceptions\SessionNotAvailableException()));
$userSession->updateSessionTokenPassword('1234');
}
public function testUpdateSessionTokenPasswordInvalidTokenException() {
$userManager = $this->getMock('\OCP\IUserManager');
$session = $this->getMock('\OCP\ISession');
$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config);
$password = '123456';
$sessionId ='session1234';
$token = new \OC\Authentication\Token\DefaultToken();
$session->expects($this->once())
->method('getId')
->will($this->returnValue($sessionId));
$tokenProvider->expects($this->once())
->method('getToken')
->with($sessionId)
->will($this->returnValue($token));
$tokenProvider->expects($this->once())
->method('setPassword')
->with($token, $sessionId, $password)
->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
$userSession->updateSessionTokenPassword($password);
}
}
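Review bot: `testUpdateSessionTokenPasswordNoSessionAvailable` does not assert that the provider is left untouched when `getId()` throws, so a reordering that resolves the token before reading the session id would still pass. Add `$tokenProvider->expects($this->never())->method('getToken');` and `$tokenProvider->expects($this->never())->method('setPassword');` before the call. The three tests also construct the same `Session` from the same four mocks; a private helper that builds the mocks and returns the session would remove the repetition. The test class starts outside the hunk.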