diff options
| author | blizzz <blizzz@arthur-schiwon.de> | 2020-05-27 11:18:58 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-27 11:18:58 +0300 |
| commit | c7c7433f11f16d6b9160dc38c646a6b7f9df0fdf (patch) | |
| tree | c1be4db5f56245cd4e781d90860aaff12ec2574c | |
| parent | fdb58f1852676eaa758a4d161dc6e08961043dac (diff) | |
| parent | 292d8c3d9c6c1d9055bbe0178418fa06c031e276 (diff) | |
Merge pull request #21115 from nextcloud/backport/21106/stable18
[stable18] use the loginname to verify the old password in user password changes
| -rw-r--r-- | apps/settings/lib/Controller/ChangePasswordController.php | 3 | ||||
| -rw-r--r-- | tests/Core/Controller/ChangePasswordControllerTest.php | 32 |
2 files changed, 29 insertions, 6 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index c374b3ff8bf..63238771de5 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -113,8 +113,9 @@ class ChangePasswordController extends Controller { * @BruteForceProtection(action=changePersonalPassword) */ public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { + $loginName = $this->userSession->getLoginName(); /** @var IUser $user */ - $user = $this->userManager->checkPassword($this->userId, $oldpassword); + $user = $this->userManager->checkPassword($loginName, $oldpassword); if ($user === false) { $response = new JSONResponse([ 'status' => 'error', diff --git a/tests/Core/Controller/ChangePasswordControllerTest.php b/tests/Core/Controller/ChangePasswordControllerTest.php index a55b0bc232e..3e0cd1b64b1 100644 --- a/tests/Core/Controller/ChangePasswordControllerTest.php +++ b/tests/Core/Controller/ChangePasswordControllerTest.php @@ -36,6 +36,8 @@ use OCP\IUserManager; class ChangePasswordControllerTest extends \Test\TestCase { /** @var string */ private $userId = 'currentUser'; + /** @var string */ + private $loginName = 'ua1337'; /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */ private $userManager; /** @var Session|\PHPUnit_Framework_MockObject_MockObject */ @@ -75,9 +77,13 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordWrongPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn(false); $expects = new JSONResponse([ @@ -93,10 +99,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordCommonPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $user->expects($this->once()) @@ -116,10 +126,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordNoNewPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $expects = [ @@ -132,10 +146,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPasswordCantSetPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $user->expects($this->once()) @@ -152,10 +170,14 @@ class ChangePasswordControllerTest extends \Test\TestCase { } public function testChangePersonalPassword() { + $this->userSession->expects($this->once()) + ->method('getLoginName') + ->willReturn($this->loginName); + $user = $this->getMockBuilder(IUser::class)->getMock(); $this->userManager->expects($this->once()) ->method('checkPassword') - ->with($this->userId, 'old') + ->with($this->loginName, 'old') ->willReturn($user); $user->expects($this->once()) |