Merge pull request #51130 from nextcloud/fix/credential-passwordless-…

…auth fix: Do not build encrypted password if there is none
nextcloud · Mar 7, 2025 · bb6b462 · bb6b462
2 parents 49e52c1 + 777cd94
commit bb6b462
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 5 deletions.
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
@@ -50,7 +50,9 @@ public function __construct(
 	 * @param array $params
 	 */
 	public function authenticate(array $params) {
-		$params['password'] = $this->crypto->encrypt((string)$params['password']);
+		if ($params['password'] !== null) {
+			$params['password'] = $this->crypto->encrypt((string)$params['password']);
+		}
 		$this->session->set('login_credentials', json_encode($params));
 	}
 
@@ -97,10 +99,12 @@ public function getLoginCredentials(): ICredentials {
 		if ($trySession && $this->session->exists('login_credentials')) {
 			/** @var array $creds */
 			$creds = json_decode($this->session->get('login_credentials'), true);
-			try {
-				$creds['password'] = $this->crypto->decrypt($creds['password']);
-			} catch (Exception $e) {
-				//decryption failed, continue with old password as it is
+			if ($creds['password'] !== null) {
+				try {
+					$creds['password'] = $this->crypto->decrypt($creds['password']);
+				} catch (Exception $e) {
+					//decryption failed, continue with old password as it is
+				}
 			}
 			return new Credentials(
 				$creds['uid'],

diff --git a/tests/lib/Authentication/LoginCredentials/StoreTest.php b/tests/lib/Authentication/LoginCredentials/StoreTest.php
@@ -253,4 +253,44 @@ public function testGetLoginCredentialsPasswordlessToken(): void {
 
 		$this->store->getLoginCredentials();
 	}
+
+	public function testAuthenticatePasswordlessToken(): void {
+		$user = 'user987';
+		$password = null;
+
+		$params = [
+			'run' => true,
+			'loginName' => $user,
+			'uid' => $user,
+			'password' => $password,
+		];
+
+		$this->session->expects($this->once())
+			->method('set')
+			->with($this->equalTo('login_credentials'), $this->equalTo(json_encode($params)));
+
+
+		$this->session->expects($this->once())
+			->method('getId')
+			->willReturn('sess2233');
+		$this->tokenProvider->expects($this->once())
+			->method('getToken')
+			->with('sess2233')
+			->will($this->throwException(new PasswordlessTokenException()));
+
+		$this->session->expects($this->once())
+			->method('exists')
+			->with($this->equalTo('login_credentials'))
+			->willReturn(true);
+		$this->session->expects($this->once())
+			->method('get')
+			->with($this->equalTo('login_credentials'))
+			->willReturn(json_encode($params));
+
+		$this->store->authenticate($params);
+		$actual = $this->store->getLoginCredentials();
+
+		$expected = new Credentials($user, $user, $password);
+		$this->assertEquals($expected, $actual);
+	}
 }