Commit a994ef0

authored
Merge pull request #28792 from nextcloud/fix/noid/lost-password-missing-prefix
fixes missing prefix to validate password reset token
2 parents 58891a9 + 6857136 commit a994ef0

2 files changed

+7
-3
lines changed

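--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -172,7 +172,8 @@ public function resetform($token, $userId) {
 */
 protected function checkPasswordResetToken(string $token, string $userId): void {
 try {
-$this->verificationToken->check($token, $this->userManager->get($userId), 'lostpassword', '', true);
+$user = $this->userManager->get($userId);
+$this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true);
 } catch (InvalidTokenException $e) {
 $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED
 ? $this->l10n->t('Could not reset password because the token is expired')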
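Review bot: The prefix expression on the new `check()` call, `$user ? $user->getEMailAddress() : ''`, guards against a missing user but not against a user whose e-mail address is unset. If `getEMailAddress()` can return null and the prefix parameter is typed `string` (neither signature is shown on this page), the call would raise a TypeError that the `catch (InvalidTokenException $e)` below does not handle, so a reset link for an account whose address was removed after the token was issued would end in an unhandled error rather than the normal invalid-token response. Coalescing keeps that case on the rejection path: `$prefix = $user !== null ? ($user->getEMailAddress() ?? '') : '';`, then pass `$prefix` to `check()`. A one-line comment such as `// prefix must match the one used when the token was created` would also record why the address is needed here. The body of checkPasswordResetToken continues past the end of the hunk.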

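--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -153,7 +153,7 @@ public function testResetFormTokenError() {
 ->willReturn($this->existingUser);
 $this->verificationToken->expects($this->once())
 ->method('check')
-->with('12345:MySecretToken', $this->existingUser, 'lostpassword')
+->with('12345:MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com')
 ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR));
 
 $response = $this->lostController->resetform('12345:MySecretToken', 'ValidTokenUser');
@@ -174,7 +174,7 @@ public function testResetFormValidToken() {
 ->willReturn($this->existingUser);
 $this->verificationToken->expects($this->once())
 ->method('check')
-->with('MySecretToken', $this->existingUser, 'lostpassword');
+->with('MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com');
 
 $response = $this->lostController->resetform('MySecretToken', 'ValidTokenUser');
 $expectedResponse = new TemplateResponse('core',
@@ -513,6 +513,9 @@ public function testSetPasswordForDisabledUser() {
 ->willReturn(false);
 $user->expects($this->never())
 ->method('setPassword');
+$user->expects($this->any())
+->method('getEMailAddress')
+->willReturn('random@example.org');
 
 $this->config->method('getUserValue')
 ->with('ValidTokenUser', 'core', 'lostpassword', null)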
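Review bot: The updated `with(...)` expectations in testResetFormTokenError and testResetFormValidToken list four arguments, while the controller passes a fifth, `true`, to `check()`. PHPUnit only matches the arguments it has constraints for, so a regression that drops that flag would still pass. Pinning it is a small change in both places, e.g. `->with('MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com', true)`. As far as these hunks show, no case makes `userManager->get()` return null or the user's address differ from the one bound to the token, so the `''` fallback and the mismatch rejection stay untested. All three test methods start and end outside their hunks.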
