[SECURITY] Fix error in user registering where password wasn't hashed

2020-08-19 14:00:57 +00:00 · 2020-08-19 14:00:57 +00:00 · de22f18abf
parent 1b350d51fc
commit de22f18abf
2 changed files with 9 additions and 4 deletions
--- a/src/Controller/Security.php
+++ b/src/Controller/Security.php
@ -82,11 +82,14 @@ class Security extends Controller
            }

            $actor = GSActor::create(['nickname' => $data['nickname']]);
-            $user  = LocalUser::create(['nickname' => $data['nickname'], 'email' => $data['email'], 'password' => $data['password']]);
+            $user  = LocalUser::create([
+                'nickname' => $data['nickname'],
+                'email'    => $data['email'],
+                'password' => LocalUser::hashPassword($data['password']),
+            ]);

            DB::persist($user);
            DB::persist($actor);
-            DB::flush();

            // generate a signed url and email it to the user
            if (Common::config('site', 'use_email')) {
@ -103,6 +106,8 @@ class Security extends Controller
                $user->setIsEmailVerified(true);
            }

+            DB::flush();
+
            return $guard_handler->authenticateUserAndHandleSuccess(
                $user,
                $request,
--- a/src/Entity/LocalUser.php
+++ b/src/Entity/LocalUser.php
@ -306,12 +306,12 @@ class LocalUser extends Entity implements UserInterface
    public function changePassword(string $new_password, bool $override = false): void
    {
        if ($override || $this->checkPassword($new_password)) {
-            $this->setPassword($this->hashPassword($new_password));
+            $this->setPassword(self::hashPassword($new_password));
            DB::flush();
        }
    }

-    public function hashPassword(string $password)
+    public static function hashPassword(string $password)
    {
        $algorithm = self::algoNameToConstant(Common::config('security', 'algorithm'));
        $options   = Common::config('security', 'options');