eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

[SECURITY] Fix error in user registering where password wasn't hashed

Browse Source
This commit is contained in:
Hugo Sales 2020-08-19 14:00:57 +00:00 committed by Hugo Sales
parent 1b350d51fc
commit de22f18abf
Signed by untrusted user: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Controller/Security.php
View File

@ -82,11 +82,14 @@ class Security extends Controller
}
$actor = GSActor::create(['nickname' => $data['nickname']]);
$user = LocalUser::create(['nickname' => $data['nickname'], 'email' => $data['email'], 'password' => $data['password']]);
$user = LocalUser::create([
'nickname' => $data['nickname'],
'email' => $data['email'],
'password' => LocalUser::hashPassword($data['password']),
]);
DB::persist($user);
DB::persist($actor);
DB::flush();
// generate a signed url and email it to the user
if (Common::config('site', 'use_email')) {
@ -103,6 +106,8 @@ class Security extends Controller
$user->setIsEmailVerified(true);
}
DB::flush();
return $guard_handler->authenticateUserAndHandleSuccess(
$user,
$request,

4
src/Entity/LocalUser.php
View File

@ -306,12 +306,12 @@ class LocalUser extends Entity implements UserInterface
public function changePassword(string $new_password, bool $override = false): void
{
if ($override || $this->checkPassword($new_password)) {
$this->setPassword($this->hashPassword($new_password));
$this->setPassword(self::hashPassword($new_password));
DB::flush();
}
}
public function hashPassword(string $password)
public static function hashPassword(string $password)
{
$algorithm = self::algoNameToConstant(Common::config('security', 'algorithm'));
$options = Common::config('security', 'options');