From 702445ba3b454f14085710617ec09ce2134a56dc Mon Sep 17 00:00:00 2001 From: Carl Schwan Date: Wed, 13 Jul 2022 15:27:55 +0200 Subject: [PATCH] Handle one time password better Signed-off-by: Carl Schwan --- .../Authentication/Token/PublicKeyTokenProvider.php | 2 +- .../Token/PublicKeyTokenProviderTest.php | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 96bf9a8608798..26928025b233b 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -401,7 +401,7 @@ public function updatePasswords(string $uid, string $password) { $this->cache->clear(); // prevent setting an empty pw as result of pw-less-login - if ($password === '') { + if ($password === '' || !$this->config->getSystemValueBool('auth.storeCryptedPassword', true)) { return; } diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php index db61244db5b65..1ef0aa80817b3 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php @@ -98,7 +98,7 @@ public function testGenerateToken() { $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token)); } - public function testGenerateTokenNoPassword() { + public function testGenerateTokenNoPassword(): void { $token = 'token'; $uid = 'user'; $user = 'User'; @@ -171,6 +171,10 @@ public function testUpdateToken() { ->method('updateActivity') ->with($tk, $this->time); $tk->setLastActivity($this->time - 200); + $this->config->method('getSystemValueBool') + ->willReturnMap([ + ['auth.storeCryptedPassword', true, true], + ]); $this->tokenProvider->updateTokenActivity($tk); @@ -578,6 +582,10 @@ public function testUpdatePasswords() { 'random2', IToken::PERMANENT_TOKEN, IToken::REMEMBER); + $this->config->method('getSystemValueBool') + ->willReturnMap([ + ['auth.storeCryptedPassword', true, true], + ]); $this->mapper->method('hasExpiredTokens') ->with($uid)