GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[SECURITY] Fix error in user registering where password wasn't hashed

Browse Source
This commit is contained in:
Hugo Sales
2020-08-19 14:00:57 +00:00
committed by Hugo Sales
parent 1b350d51fc
commit de22f18abf
2 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Controller/Security.php
View File

@@ -82,11 +82,14 @@ class Security extends Controller
}
$actor = GSActor::create(['nickname' => $data['nickname']]);
$user = LocalUser::create(['nickname' => $data['nickname'], 'email' => $data['email'], 'password' => $data['password']]);
$user = LocalUser::create([
'nickname' => $data['nickname'],
'email' => $data['email'],
'password' => LocalUser::hashPassword($data['password']),
]);
DB::persist($user);
DB::persist($actor);
DB::flush();
// generate a signed url and email it to the user
if (Common::config('site', 'use_email')) {
@@ -103,6 +106,8 @@ class Security extends Controller
$user->setIsEmailVerified(true);
}
DB::flush();
return $guard_handler->authenticateUserAndHandleSuccess(
$user,
$request,