diff --git a/src/app/Http/Controllers/API/V4/NGINXController.php b/src/app/Http/Controllers/API/V4/NGINXController.php
--- a/src/app/Http/Controllers/API/V4/NGINXController.php
+++ b/src/app/Http/Controllers/API/V4/NGINXController.php
@@ -76,15 +76,6 @@
throw new \Exception("No client ip");
}
- if ($userid = AuthUtils::tokenValidate($password)) {
- $user = User::find($userid);
- if ($user && $user->email == $login) {
- return $user;
- }
-
- throw new \Exception("Password mismatch");
- }
-
$result = User::findAndAuthenticate($login, $password, $clientIP);
if (empty($result['user'])) {
diff --git a/src/app/User.php b/src/app/User.php
--- a/src/app/User.php
+++ b/src/app/User.php
@@ -3,6 +3,7 @@
namespace App;
use App\AuthAttempt;
+use App\Auth\Utils as AuthUtils;
use App\Traits\AliasesTrait;
use App\Traits\BelongsToTenantTrait;
use App\Traits\EntitleableTrait;
@@ -721,6 +722,13 @@
{
$authenticated = false;
+ if ($userid = AuthUtils::tokenValidate($password)) {
+ if ($this->id == $userid) {
+ return true;
+ }
+ return false;
+ }
+
if ($this->email === \strtolower($username)) {
if (!empty($this->password)) {
if (Hash::check($password, $this->password)) {
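Review bot: The token branch added at the top of validateCredentials compares `$this->id == $userid` loosely and never reads `$username`, so a token whose id matches authenticates no matter which login name was supplied, while the password path just below still requires `$this->email === \strtolower($username)` and the controller code removed in the first hunk required `$user->email == $login`. Unless every caller guarantees that `$this` was resolved from `$username` (that lookup is outside the hunk), the branch should keep both conditions, e.g. `return $this->email === \strtolower($username) && (int) $this->id === (int) $userid;` in place of the nested if/return pair. The int cast assumes tokenValidate yields the numeric user id, which the test's `tokenCreate($user->id)` and `tokenCreate(2)` calls suggest but the hunk does not show. The method's signature and the rest of its body lie outside the hunk.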
diff --git a/src/tests/Unit/UserTest.php b/src/tests/Unit/UserTest.php
--- a/src/tests/Unit/UserTest.php
+++ b/src/tests/Unit/UserTest.php
@@ -2,8 +2,8 @@
namespace Tests\Unit;
+use App\Auth\Utils as AuthUtils;
use App\User;
-use App\Wallet;
use Tests\TestCase;
class UserTest extends TestCase
@@ -47,6 +47,7 @@
{
$user = new User(['email' => 'user@email.com']);
$user->password = 'test';
+ $user->id = 1;
$this->assertSame(true, $user->validateCredentials('user@email.com', 'test'));
$this->assertSame(false, $user->validateCredentials('user@email.com', 'wrong'));
@@ -63,6 +64,14 @@
$this->assertSame(true, $ldapUser->validateCredentials('user2@email.com', 'test', false));
$ldapUser->delete();
+
+ // Ensure we validate a token for the user:
+ $token = AuthUtils::tokenCreate($user->id);
+ $this->assertTrue($user->validateCredentials($user->email, $token));
+
+ // Ensure we don't validate token for another user:
+ $token = AuthUtils::tokenCreate(2);
+ $this->assertFalse($user->validateCredentials($user->email, $token));
}
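Review bot: The new assertions cover a token for the user's own id and a token for id 2, but nothing exercises a valid token paired with a different login name, which is the case the deleted NGINXController check (`$user->email == $login`) used to cover. Adding `$this->assertFalse($user->validateCredentials('other@email.com', $token));` after the first token assertion would pin that contract; as the diff stands it would fail, since the token branch in User::validateCredentials does not look at `$username`, so the intended outcome should be settled before the assertion goes in. The `$user` and `$token` used here are presumably set up in the earlier hunk of the same test method, whose start is outside this hunk.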
/**
