forked from GNUsocial/gnu-social
[SECURITY] Fix error in user registering where password wasn't hashed
parent
1b350d51fc
commit
de22f18abf
@ -82,11 +82,14 @@ class Security extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
$actor = GSActor::create(['nickname' => $data['nickname']]);
|
$actor = GSActor::create(['nickname' => $data['nickname']]);
|
||||||
$user = LocalUser::create(['nickname' => $data['nickname'], 'email' => $data['email'], 'password' => $data['password']]);
|
$user = LocalUser::create([
|
||||||
|
'nickname' => $data['nickname'],
|
||||||
|
'email' => $data['email'],
|
||||||
|
'password' => LocalUser::hashPassword($data['password']),
|
||||||
|
]);
|
||||||
|
|
||||||
DB::persist($user);
|
DB::persist($user);
|
||||||
DB::persist($actor);
|
DB::persist($actor);
|
||||||
DB::flush();
|
|
||||||
|
|
||||||
// generate a signed url and email it to the user
|
// generate a signed url and email it to the user
|
||||||
if (Common::config('site', 'use_email')) {
|
if (Common::config('site', 'use_email')) {
|
||||||
@ -103,6 +106,8 @@ class Security extends Controller
|
|||||||
$user->setIsEmailVerified(true);
|
$user->setIsEmailVerified(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DB::flush();
|
||||||
|
|
||||||
return $guard_handler->authenticateUserAndHandleSuccess(
|
return $guard_handler->authenticateUserAndHandleSuccess(
|
||||||
$user,
|
$user,
|
||||||
$request,
|
$request,
|
||||||
|
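Review bot: Hashing is applied only at this one call site, in the `'password' => LocalUser::hashPassword($data['password'])` entry of the `LocalUser::create([...])` array, so any other caller that hands a submitted password straight to `create()` or `setPassword()` would still store it in the clear. I would add a comment here such as `// the password field must only ever receive LocalUser::hashPassword() output`, and a registration test asserting that the stored value differs from the submitted one and is accepted by the login path. The commit also does not deal with accounts registered before the fix; if any exist, their password column presumably holds cleartext, and those rows need a forced reset or a re-hash migration. The enclosing controller method starts and ends outside these hunks, so callers and the surrounding validation are not visible here.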
@ -306,12 +306,12 @@ class LocalUser extends Entity implements UserInterface
|
|||||||
public function changePassword(string $new_password, bool $override = false): void
|
public function changePassword(string $new_password, bool $override = false): void
|
||||||
{
|
{
|
||||||
if ($override || $this->checkPassword($new_password)) {
|
if ($override || $this->checkPassword($new_password)) {
|
||||||
$this->setPassword($this->hashPassword($new_password));
|
$this->setPassword(self::hashPassword($new_password));
|
||||||
DB::flush();
|
DB::flush();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function hashPassword(string $password)
|
public static function hashPassword(string $password)
|
||||||
{
|
{
|
||||||
$algorithm = self::algoNameToConstant(Common::config('security', 'algorithm'));
|
$algorithm = self::algoNameToConstant(Common::config('security', 'algorithm'));
|
||||||
$options = Common::config('security', 'options');
|
$options = Common::config('security', 'options');
|
||||||
|
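Review bot: `public static function hashPassword(string $password)` becomes a public static entry point here but carries no return type and no docblock. I would declare `: string` on it, assuming the body, which continues outside the hunk, returns the hash string (to be confirmed against the full function). A short docblock should state that the algorithm and options come from the `security` config section and that this function's output is the only value that may be passed to `setPassword()` or to the `password` field of `create()`.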