sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(loginflow): Fix type error when password could not be decrypted 

Signed-off-by: Joas Schilling <coding@schilljs.com>
pull/52624/head
Joas Schilling 2025-05-02 13:55:10 +07:00
parent 7477544cf5
commit e12b2d4b4a
No known key found for this signature in database
GPG Key ID: F72FA5B49FFA96B0
2 changed files with 42 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
core/Service/LoginFlowV2Service.php
Unescape Escape View File

@ -62,8 +62,12 @@ class LoginFlowV2Service {
try {
// Decrypt the apptoken
$privateKey = $this->crypto->decrypt($data->getPrivateKey(), $pollToken);
$appPassword = $this->decryptPassword($data->getAppPassword(), $privateKey);
} catch (\Exception $e) {
} catch (\Exception) {
throw new LoginFlowV2NotFoundException('Apptoken could not be decrypted');
}
$appPassword = $this->decryptPassword($data->getAppPassword(), $privateKey);
if ($appPassword === null) {
throw new LoginFlowV2NotFoundException('Apptoken could not be decrypted');
}
@ -230,10 +234,10 @@ class LoginFlowV2Service {
return $encryptedPassword;
}
private function decryptPassword(string $encryptedPassword, string $privateKey): string {
private function decryptPassword(string $encryptedPassword, string $privateKey): ?string {
$encryptedPassword = base64_decode($encryptedPassword);
openssl_private_decrypt($encryptedPassword, $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
$success = openssl_private_decrypt($encryptedPassword, $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
return $password;
return $success ? $password : null;
}
}

34
tests/Core/Service/LoginFlowV2ServiceUnitTest.php
Unescape Escape View File

@ -128,10 +128,14 @@ class LoginFlowV2ServiceUnitTest extends TestCase {
* Tests for poll
*/
public function testPollApptokenCouldNotBeDecrypted() {
public function testPollPrivateKeyCouldNotBeDecrypted(): void {
$this->expectException(LoginFlowV2NotFoundException::class);
$this->expectExceptionMessage('Apptoken could not be decrypted');
$this->crypto->expects($this->once())
->method('decrypt')
->willThrowException(new \Exception('HMAC mismatch'));
/*
* Cannot be mocked, because functions like getLoginName are magic functions.
* To be able to set internal properties, we have to use the real class here.
@ -149,6 +153,34 @@ class LoginFlowV2ServiceUnitTest extends TestCase {
$this->subjectUnderTest->poll('');
}
public function testPollApptokenCouldNotBeDecrypted(): void {
$this->expectException(LoginFlowV2NotFoundException::class);
$this->expectExceptionMessage('Apptoken could not be decrypted');
/*
* Cannot be mocked, because functions like getLoginName are magic functions.
* To be able to set internal properties, we have to use the real class here.
*/
[$encrypted, $privateKey,] = $this->getOpenSSLEncryptedPublicAndPrivateKey('test');
$loginFlowV2 = new LoginFlowV2();
$loginFlowV2->setLoginName('test');
$loginFlowV2->setServer('test');
$loginFlowV2->setAppPassword('broken#' . $encrypted);
$loginFlowV2->setPrivateKey('encrypted(test)');
$this->crypto->expects($this->once())
->method('decrypt')
->willReturn($privateKey);
$this->mapper->expects($this->once())
->method('getByPollToken')
->willReturn($loginFlowV2);
$this->subjectUnderTest->poll('test');
}
public function testPollInvalidToken() {
$this->expectException(LoginFlowV2NotFoundException::class);
$this->expectExceptionMessage('Invalid token');