Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix app password updating out of bounds #22524

Merged
merged 1 commit into from
Sep 3, 2020
Merged

Fix app password updating out of bounds #22524

merged 1 commit into from
Sep 3, 2020

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented Aug 31, 2020

When your password changes out of bounds your Nextcloud tokens will
become invalid. There is no real way around that. However we should make
sure that if you successfully log in again your passwords are all
updates

  • Added event listener to the PostLoggedInEvent so that we can act on it
    • Only if it is not a token login
  • Make sure that we actually reset the invalid state when we update a
    token. Else it keeps being marked invalid and thus not used.

Signed-off-by: Roeland Jago Douma [email protected]

@rullzer rullzer added bug 3. to review Waiting for reviews labels Aug 31, 2020
@rullzer rullzer added this to the Nextcloud 20 milestone Aug 31, 2020
kesselb
kesselb reviewed Aug 31, 2020
View reviewed changes
lib/private/Authentication/Listeners/UserLoggedInListener.php
@@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
declare(strict_types=1);
declare(strict_types=1);

lib/private/Authentication/Listeners/UserLoggedInListener.php Outdated

$this->manager->updatePasswords($event->getUser()->getUID(), $event->getPassword());
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

@rullzer rullzer mentioned this pull request Sep 1, 2020
Merged
21 tasks
nickvergessen
nickvergessen approved these changes Sep 3, 2020
View reviewed changes
Copy link
Member

@nickvergessen nickvergessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

@rullzer rullzer mentioned this pull request Sep 3, 2020
Merged
13 tasks
@faily-bot
Copy link

faily-bot bot commented Sep 3, 2020

🤖 beep boop beep 🤖

Here are the logs for the failed build:

Status of 32588: failure

mariadb10.4-php7.3

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There was 1 failure:

1) Test\Share20\DefaultShareProviderTest::testDeleteSingleShare
Failed asserting that an array is empty.

/drone/src/tests/lib/Share20/DefaultShareProviderTest.php:486

mysql5.6-php7.2

Could not fetch logs

@rullzer
Fix app password updating out of bounds
0452877 
When your password changes out of bounds your Nextcloud tokens will
become invalid. There is no real way around that. However we should make
sure that if you successfully log in again your passwords are all
updates

* Added event listener to the PostLoggedInEvent so that we can act on it
  - Only if it is not a token login
* Make sure that we actually reset the invalid state when we update a
  token. Else it keeps being marked invalid and thus not used.

Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer rullzer force-pushed the fix/apppassword_update branch from b316fdf to 0452877 Compare September 3, 2020 19:13
@rullzer rullzer added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Sep 3, 2020
@rullzer rullzer merged commit 7b6f685 into master Sep 3, 2020
@rullzer rullzer deleted the fix/apppassword_update branch September 3, 2020 20:00
@rullzer
Copy link
Member Author

rullzer commented Sep 3, 2020

/backport to stable19

@rullzer
Copy link
Member Author

rullzer commented Sep 3, 2020

/backport to stable18

This was referenced Sep 3, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kesselb kesselb kesselb left review comments

@nickvergessen nickvergessen nickvergessen approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@MorrisJobke MorrisJobke Awaiting requested review from MorrisJobke

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish bug
Projects
None yet
Milestone
Nextcloud 20
Development

Successfully merging this pull request may close these issues.
4 participants
@rullzer @nickvergessen @ChristophWurst @kesselb