From de22f18abfe2b1fc32bb59141eadb9f994fef5b4 Mon Sep 17 00:00:00 2001
From: Hugo Sales
Date: Wed, 19 Aug 2020 14:00:57 +0000
Subject: [PATCH] [SECURITY] Fix error in user registering where password wasn't hashed
---
 src/Controller/Security.php | 9 +++++++--
 src/Entity/LocalUser.php | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/Controller/Security.php b/src/Controller/Security.php
index 10b9d6618b..c4833632a9 100644
--- a/src/Controller/Security.php
+++ b/src/Controller/Security.php
@@ -82,11 +82,14 @@ class Security extends Controller
 }
 $actor = GSActor::create(['nickname' => $data['nickname']]);
- $user = LocalUser::create(['nickname' => $data['nickname'], 'email' => $data['email'], 'password' => $data['password']]);
+ $user = LocalUser::create([
+ 'nickname' => $data['nickname'],
+ 'email' => $data['email'],
+ 'password' => LocalUser::hashPassword($data['password']),
+ ]);
 DB::persist($user);
 DB::persist($actor);
- DB::flush();
 // generate a signed url and email it to the user
 if (Common::config('site', 'use_email')) {
@@ -103,6 +106,8 @@ class Security extends Controller
 $user->setIsEmailVerified(true);
 }
+ DB::flush();
+
 return $guard_handler->authenticateUserAndHandleSuccess(
 $user,
 $request,
diff --git a/src/Entity/LocalUser.php b/src/Entity/LocalUser.php
index 9110e379a8..e9f415a533 100644
--- a/src/Entity/LocalUser.php
+++ b/src/Entity/LocalUser.php
@@ -306,12 +306,12 @@ class LocalUser extends Entity implements UserInterface
 public function changePassword(string $new_password, bool $override = false): void
 {
 if ($override || $this->checkPassword($new_password)) {
- $this->setPassword($this->hashPassword($new_password));
+ $this->setPassword(self::hashPassword($new_password));
 DB::flush();
 }
 }
- public function hashPassword(string $password)
+ public static function hashPassword(string $password)
 {
 $algorithm = self::algoNameToConstant(Common::config('security', 'algorithm'));
 $options = Common::config('security', 'options');
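Review bot: Hashing at this call site fixes new registrations, but rows written by the removed `'password' => $data['password']` line still hold the raw password, and nothing in this patch finds or resets them. A one-off migration is worth shipping with the fix: if the hashes come from `password_hash()`, clear every stored `password` value that `password_get_info()` does not recognise as a hash and force a reset for those accounts. Since `LocalUser::create()` appears to store the field as given, a comment above the call such as `// 'password' is stored verbatim by create(); always pass LocalUser::hashPassword(...)` would help other callers avoid the same mistake. The enclosing method starts and ends outside the hunk.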
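Review bot: The only `DB::flush()` now runs after the `use_email` branch, so whatever that branch does with `$user` (its body is outside the hunk) works on an entity that is persisted but not yet written. If the signed verification URL is built from the user's database id and that id is only assigned on flush, the link would be generated without a valid id. Keeping the earlier `DB::flush();` after `DB::persist($actor);` and adding this second one after `$user->setIsEmailVerified(true);` would store the verified flag without changing what the email branch sees.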
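Review bot: In `changePassword`, the guard `$this->checkPassword($new_password)` is handed the new password. If `checkPassword` verifies its argument against the stored hash (its body is not in this hunk), then without `$override` the change only goes through when the new password equals the current one. The caller presumably needs to prove knowledge of the old password instead, which means passing it separately and checking `if ($override || $this->checkPassword($old_password)) {`. Separately, the now-static `hashPassword` could declare its result, `public static function hashPassword(string $password): string`, so a failed hash raises an error rather than being stored; its body continues outside the hunk.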