[SECURITY] Fix error in user registering where password wasn't hashed

Hugo Sales 2020-08-19 14:00:57 +00:00 committed by Hugo Sales
parent fc6bb1ddf6
commit d66ec9d85c
2 changed files with 9 additions and 4 deletions


@ -82,11 +82,14 @@ class Security extends Controller
} }
$actor = GSActor::create(['nickname' => $data['nickname']]); $actor = GSActor::create(['nickname' => $data['nickname']]);
$user = LocalUser::create(['nickname' => $data['nickname'], 'email' => $data['email'], 'password' => $data['password']]); $user = LocalUser::create([
'nickname' => $data['nickname'],
'email' => $data['email'],
'password' => LocalUser::hashPassword($data['password']),
]);
DB::persist($user); DB::persist($user);
DB::persist($actor); DB::persist($actor);
DB::flush();
// generate a signed url and email it to the user // generate a signed url and email it to the user
if (Common::config('site', 'use_email')) { if (Common::config('site', 'use_email')) {
@ -103,6 +106,8 @@ class Security extends Controller
$user->setIsEmailVerified(true); $user->setIsEmailVerified(true);
} }
DB::flush();
return $guard_handler->authenticateUserAndHandleSuccess( return $guard_handler->authenticateUserAndHandleSuccess(
$user, $user,
$request, $request,
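Review bot: The new `LocalUser::create([...])` call hashes the password from now on, but any account registered through the old line still has the submitted password stored as-is, and neither changed file touches those rows. Such accounts need a forced reset or a one-off rehash, and the stored values should be treated as exposed wherever database dumps or backups were taken. At minimum I would record this next to the call, e.g. `// Accounts created before this fix hold an unhashed password; see the remediation task for forced reset/rehash`. A regression test asserting that the persisted `password` differs from `$data['password']` and verifies through `checkPassword()` would keep this from recurring. The enclosing controller method starts and ends outside the visible hunks.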


@ -306,12 +306,12 @@ class LocalUser extends Entity implements UserInterface
public function changePassword(string $new_password, bool $override = false): void public function changePassword(string $new_password, bool $override = false): void
{ {
if ($override || $this->checkPassword($new_password)) { if ($override || $this->checkPassword($new_password)) {
$this->setPassword($this->hashPassword($new_password)); $this->setPassword(self::hashPassword($new_password));
DB::flush(); DB::flush();
} }
} }
public function hashPassword(string $password) public static function hashPassword(string $password)
{ {
$algorithm = self::algoNameToConstant(Common::config('security', 'algorithm')); $algorithm = self::algoNameToConstant(Common::config('security', 'algorithm'));
$options = Common::config('security', 'options'); $options = Common::config('security', 'options');
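Review bot: `hashPassword()` is now a public static entry point called from the registration controller, yet its signature declares no return type and carries no docblock. If the body, which continues outside this hunk, always yields the hash string, declare it as `public static function hashPassword(string $password): string` and add a short docblock saying that the algorithm and options are read from the `security` config section. With the return type in place, a failed hash would presumably surface as an error instead of a non-string value reaching `setPassword()` or `LocalUser::create()`; confirm this against the rest of the body.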