Skip to content

Commit

Permalink
Merge pull request #20505 from nextcloud/fix/noid/system-creds
Browse files Browse the repository at this point in the history
do not advertise nulled userId for for systemwide credentials
  • Loading branch information
blizzz authored Apr 16, 2020
2 parents 8971403 + 5437844 commit d55f418
Show file tree
Hide file tree
Showing 3 changed files with 42 additions and 9 deletions.
12 changes: 6 additions & 6 deletions lib/private/Security/CredentialsManager.php
Original file line number Diff line number Diff line change
Expand Up @@ -53,15 +53,15 @@ public function __construct(ICrypto $crypto, IDBConnection $dbConnection) {
/**
* Store a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @param mixed $credentials
*/
public function store($userId, $identifier, $credentials) {
$value = $this->crypto->encrypt(json_encode($credentials));

$this->dbConnection->setValues(self::DB_TABLE, [
'user' => $userId,
'user' => (string)$userId,
'identifier' => $identifier,
], [
'credentials' => $value,
Expand All @@ -71,15 +71,15 @@ public function store($userId, $identifier, $credentials) {
/**
* Retrieve a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return mixed
*/
public function retrieve($userId, $identifier) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('credentials')
->from(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
;
$result = $qb->execute()->fetch();
Expand All @@ -95,14 +95,14 @@ public function retrieve($userId, $identifier) {
/**
* Delete a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return int rows removed
*/
public function delete($userId, $identifier) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->delete(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
;
return $qb->execute();
Expand Down
6 changes: 3 additions & 3 deletions lib/public/Security/ICredentialsManager.php
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ interface ICredentialsManager {
/**
* Store a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @param mixed $credentials
* @since 8.2.0
Expand All @@ -43,7 +43,7 @@ public function store($userId, $identifier, $credentials);
/**
* Retrieve a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return mixed
* @since 8.2.0
Expand All @@ -53,7 +53,7 @@ public function retrieve($userId, $identifier);
/**
* Delete a set of credentials
*
* @param string|null $userId Null for system-wide credentials
* @param string $userId empty string for system-wide credentials
* @param string $identifier
* @return int rows removed
* @since 8.2.0
Expand Down
33 changes: 33 additions & 0 deletions tests/lib/Security/CredentialsManagerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@
use OCP\ILogger;
use OCP\Security\ICrypto;

/**
* @group DB
*/
class CredentialsManagerTest extends \Test\TestCase {

/** @var ICrypto */
Expand Down Expand Up @@ -106,4 +109,34 @@ public function testRetrieve() {

$this->manager->retrieve($userId, $identifier);
}

/**
* @dataProvider credentialsProvider
*/
public function testWithDB($userId, $identifier) {
$credentialsManager = \OC::$server->getCredentialsManager();

$secrets = 'Open Sesame';

$credentialsManager->store($userId, $identifier, $secrets);
$received = $credentialsManager->retrieve($userId, $identifier);

$this->assertSame($secrets, $received);

$removedRows = $credentialsManager->delete($userId, $identifier);
$this->assertSame(1, $removedRows);
}

public function credentialsProvider() {
return [
[
'alice',
'privateCredentials'
],
[
'',
'systemCredentials',
],
];
}
}

0 comments on commit d55f418

Please sign in to comment.