Merge pull request #35605 from nextcloud/backport/stable25/31499

PVince81 · web-flow · commit 9eb99ecbaba0 · 2022-12-05T20:02:00.000+01:00
[stable25]  Add fallback routines for empty secret cases
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -119,8 +119,14 @@ public function getToken(string $tokenId): IToken {
 				$token = $this->mapper->getToken($this->hashToken($tokenId));
 				$this->cache[$token->getToken()] = $token;
 			} catch (DoesNotExistException $ex) {
-				$this->cache[$tokenHash] = $ex;
-				throw new InvalidTokenException("Token does not exist: " . $ex->getMessage(), 0, $ex);
+				try {
+					$token = $this->mapper->getToken($this->hashTokenWithEmptySecret($tokenId));
+					$this->cache[$token->getToken()] = $token;
+					$this->rotate($token, $tokenId, $tokenId);
+				} catch (DoesNotExistException $ex2) {
+					$this->cache[$tokenHash] = $ex2;
+					throw new InvalidTokenException("Token does not exist: " . $ex->getMessage(), 0, $ex);
+				}
 			}
 		}
 
@@ -198,6 +204,7 @@ public function invalidateToken(string $token) {
 		$this->cache->clear();
 
 		$this->mapper->invalidate($this->hashToken($token));
+		$this->mapper->invalidate($this->hashTokenWithEmptySecret($token));
 	}
 
 	public function invalidateTokenById(string $uid, int $id) {
@@ -314,9 +321,14 @@ private function decrypt(string $cipherText, string $token): string {
 		try {
 			return $this->crypto->decrypt($cipherText, $token . $secret);
 		} catch (\Exception $ex) {
-			// Delete the invalid token
-			$this->invalidateToken($token);
-			throw new InvalidTokenException("Could not decrypt token password: " . $ex->getMessage(), 0, $ex);
+			// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
+			try {
+				return $this->crypto->decrypt($cipherText, $token);
+			} catch (\Exception $ex2) {
+				// Delete the invalid token
+				$this->invalidateToken($token);
+				throw new InvalidTokenException("Could not decrypt token password: " . $ex->getMessage(), 0, $ex2);
+			}
 		}
 	}
 
@@ -339,6 +351,13 @@ private function hashToken(string $token): string {
 		return hash('sha512', $token . $secret);
 	}
 
+	/**
+	 * @deprecated Fallback for instances where the secret might not have been set by accident
+	 */
+	private function hashTokenWithEmptySecret(string $token): string {
+		return hash('sha512', $token);
+	}
+
 	/**
 	 * @throws \RuntimeException when OpenSSL reports a problem
 	 */
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
@@ -122,9 +122,22 @@ public function encrypt(string $plaintext, string $password = ''): string {
 	 * @throws Exception If the decryption failed
 	 */
 	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
+		$secret = $this->config->getSystemValue('secret');
+		try {
+			if ($password === '') {
+				return $this->decryptWithoutSecret($authenticatedCiphertext, $secret);
+			}
+			return $this->decryptWithoutSecret($authenticatedCiphertext, $password);
+		} catch (Exception $e) {
+			if ($password === '') {
+				// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
+				return $this->decryptWithoutSecret($authenticatedCiphertext, '');
+			}
+			throw $e;
 		}
+	}
+
+	private function decryptWithoutSecret(string $authenticatedCiphertext, string $password = ''): string {
 		$hmacKey = $encryptionKey = $password;
 
 		$parts = explode('|', $authenticatedCiphertext);
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
@@ -137,6 +137,15 @@ protected function legacyHashVerify($message, $hash, &$newHash = null): bool {
 			return true;
 		}
 
+		// Verify whether it matches a legacy PHPass or SHA1 string
+		// Retry with empty passwordsalt for cases where it was not set
+		$hashLength = \strlen($hash);
+		if (($hashLength === 60 && password_verify($message, $hash)) ||
+			($hashLength === 40 && hash_equals($hash, sha1($message)))) {
+			$newHash = $this->hash($message);
+			return true;
+		}
+
 		return false;
 	}
 
diff --git a/lib/private/Security/VerificationToken/VerificationToken.php b/lib/private/Security/VerificationToken/VerificationToken.php
@@ -84,10 +84,15 @@ public function check(string $token, ?IUser $user, string $subject, string $pass
 		try {
 			$decryptedToken = $this->crypto->decrypt($encryptedToken, $passwordPrefix.$this->config->getSystemValue('secret'));
 		} catch (\Exception $e) {
-			$this->throwInvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR);
+			// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
+			try {
+				$decryptedToken = $this->crypto->decrypt($encryptedToken, $passwordPrefix);
+			} catch (\Exception $e2) {
+				$this->throwInvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR);
+			}
 		}
 
-		$splitToken = explode(':', $decryptedToken ?? '');
+		$splitToken = explode(':', $decryptedToken);
 		if (count($splitToken) !== 2) {
 			$this->throwInvalidTokenException(InvalidTokenException::TOKEN_INVALID_FORMAT);
 		}
diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
@@ -310,9 +310,12 @@ public function testSetPasswordInvalidToken() {
 	}
 
 	public function testInvalidateToken() {
-		$this->mapper->expects($this->once())
+		$this->mapper->expects($this->at(0))
 			->method('invalidate')
 			->with(hash('sha512', 'token7'.'1f4h9s'));
+		$this->mapper->expects($this->at(1))
+			->method('invalidate')
+			->with(hash('sha512', 'token7'));
 
 		$this->tokenProvider->invalidateToken('token7');
 	}
@@ -443,13 +446,22 @@ public function testGetToken(): void {
 	public function testGetInvalidToken() {
 		$this->expectException(InvalidTokenException::class);
 
-		$this->mapper->method('getToken')
+		$this->mapper->expects($this->at(0))
+			->method('getToken')
 			->with(
-				$this->callback(function (string $token) {
+				$this->callback(function (string $token): bool {
 					return hash('sha512', 'unhashedToken'.'1f4h9s') === $token;
 				})
 			)->willThrowException(new DoesNotExistException('nope'));
 
+		$this->mapper->expects($this->at(1))
+			->method('getToken')
+			->with(
+				$this->callback(function (string $token): bool {
+					return hash('sha512', 'unhashedToken') === $token;
+				})
+			)->willThrowException(new DoesNotExistException('nope'));
+
 		$this->tokenProvider->getToken('unhashedToken');
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -137,6 +137,15 @@ protected function legacyHashVerify($message, $hash, &$newHash = null): bool {`
`137`	`137`	`return true;`
`138`	`138`	`}`
`139`	`139`
	`140`	`+ // Verify whether it matches a legacy PHPass or SHA1 string`
	`141`	`+ // Retry with empty passwordsalt for cases where it was not set`
	`142`	`+ $hashLength = \strlen($hash);`
	`143`	`+ if (($hashLength === 60 && password_verify($message, $hash)) \|\|`
	`144`	`+ ($hashLength === 40 && hash_equals($hash, sha1($message)))) {`
	`145`	`+ $newHash = $this->hash($message);`
	`146`	`+ return true;`
	`147`	`+ }`
	`148`	`+`
`140`	`149`	`return false;`
`141`	`150`	`}`
`142`	`151`