
Commit c69bf87

fix(federation): Don't ask the database for an empty url
Signed-off-by: Joas Schilling <coding@schilljs.com>
1 parent 366864b commit c69bf87

2 files changed

+18
-18
lines changed

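--- a/apps/federation/lib/Controller/OCSAuthAPIController.php
+++ b/apps/federation/lib/Controller/OCSAuthAPIController.php
@@ -165,7 +165,10 @@ public function getSharedSecret(string $url, string $token): DataResponse {
 }
 
 protected function isValidToken(string $url, string $token): bool {
+if ($url === '' || $token === '') {
+return false;
+}
 $storedToken = $this->dbHandler->getToken($url);
-return hash_equals($storedToken, $token);
+return $storedToken !== '' && hash_equals($storedToken, $token);
 }
 }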
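Review bot: Neither empty-string check in isValidToken() says why it is there, yet together they are what stops `hash_equals('', '')` (which is true) from validating an empty supplied token against a server that has no stored token. The commit title frames the change as saving a database lookup, so a later cleanup could drop either check as redundant without noticing the authentication consequence. I would add a comment above the early return, e.g. `// hash_equals('', '') is true: an empty URL, supplied token or stored token must never validate`. This assumes getToken() yields an empty string when nothing is stored for the URL, which is not visible in this hunk.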

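--- a/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
+++ b/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
@@ -126,27 +126,24 @@ public function testGetSharedSecret(bool $isTrustedServer, bool $isValidToken, b
 $url = 'url';
 $token = 'token';
 
-/** @var OCSAuthAPIController | \PHPUnit\Framework\MockObject\MockObject $ocsAuthApi */
-$ocsAuthApi = $this->getMockBuilder('OCA\Federation\Controller\OCSAuthAPIController')
-->setConstructorArgs(
-[
-'federation',
-$this->request,
-$this->secureRandom,
-$this->jobList,
-$this->trustedServers,
-$this->dbHandler,
-$this->logger,
-$this->timeFactory,
-$this->throttler
-]
-)->setMethods(['isValidToken'])->getMock();
+$ocsAuthApi = new OCSAuthAPIController(
+'federation',
+$this->request,
+$this->secureRandom,
+$this->jobList,
+$this->trustedServers,
+$this->dbHandler,
+$this->logger,
+$this->timeFactory,
+$this->throttler,
+);
 
 $this->trustedServers
 ->expects($this->any())
 ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
-$ocsAuthApi->expects($this->any())
-->method('isValidToken')->with($url, $token)->willReturn($isValidToken);
+$this->dbHandler->method('getToken')
+->with($url)
+->willReturn($isValidToken ? $token : 'not $token');
 
 if ($ok) {
 $this->secureRandom->expects($this->once())->method('generate')->with(32)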
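Review bot: The rewritten testGetSharedSecret setup never reaches the empty-value branches this commit adds to isValidToken(): `$url` and `$token` are fixed to non-empty strings, and the `getToken` stub returns either `$token` or `'not $token'`, both non-empty. I would add cases where `getToken` returns `''` and where the supplied URL or token is `''`, the latter with `$this->dbHandler->expects($this->never())->method('getToken');` so the rejection and the skipped lookup are both pinned. The test method and its data provider start and end outside this hunk, so such cases may already exist elsewhere in the file.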
