From 02013f43104ae84d6b43c9bb733bf4b5a07d3885 Mon Sep 17 00:00:00 2001 From: Christopher Ng Date: Tue, 25 Jun 2024 15:56:01 -0700 Subject: [PATCH 1/4] feat: Implement IPasswordHashBackend Signed-off-by: Christopher Ng --- lib/UserBackend.php | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/lib/UserBackend.php b/lib/UserBackend.php index 2e2a9b6c..bb4ef3bc 100644 --- a/lib/UserBackend.php +++ b/lib/UserBackend.php @@ -34,6 +34,7 @@ use OCP\User\Backend\IGetDisplayNameBackend; use OCP\User\Backend\IGetHomeBackend; use OCP\User\Backend\IGetRealUIDBackend; +use OCP\User\Backend\IPasswordHashBackend; use OCP\User\Backend\ISetDisplayNameBackend; use OCP\User\Backend\ISetPasswordBackend; @@ -47,7 +48,8 @@ class UserBackend extends ABackend implements ICheckPasswordBackend, IGetHomeBackend, ICountUsersBackend, - IGetRealUIDBackend { + IGetRealUIDBackend, + IPasswordHashBackend { /** @var CappedMemoryCache */ private $cache; /** @var IEventDispatcher */ @@ -160,6 +162,31 @@ public function setPassword(string $uid, string $password): bool { return false; } + public function getPasswordHash(string $userId): ?string { + if (!$this->userExists($userId)) { + return null; + } + $qb = $this->dbConn->getQueryBuilder(); + $qb->select('password') + ->from('guests_users') + ->where($qb->expr()->eq('uid_lower', $qb->createNamedParameter(mb_strtolower($userId)))); + /** @var false|string $hash */ + $hash = $qb->executeQuery()->fetchOne(); + if ($hash === false) { + return null; + } + return $hash; + } + + public function setPasswordHash(string $userId, string $passwordHash): bool { + $qb = $this->dbConn->getQueryBuilder(); + $qb->update('guests_users') + ->set('password', $qb->createNamedParameter($passwordHash)) + ->where($qb->expr()->eq('uid_lower', $qb->createNamedParameter(mb_strtolower($userId)))); + $result = $qb->executeStatement(); + return ($result !== 0); + } + /** * Set display name * From d1ff75f65a3e84cfe92e4a46db5bae12c54ea1ad Mon Sep 17 00:00:00 2001 From: Christopher Ng Date: Thu, 27 Jun 2024 17:05:33 -0700 Subject: [PATCH 2/4] feat: Validate hash Signed-off-by: Christopher Ng --- lib/UserBackend.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/UserBackend.php b/lib/UserBackend.php index bb4ef3bc..0cc22a19 100644 --- a/lib/UserBackend.php +++ b/lib/UserBackend.php @@ -23,6 +23,7 @@ namespace OCA\Guests; +use InvalidArgumentException; use OC\Cache\CappedMemoryCache; use OCP\EventDispatcher\IEventDispatcher; use OCP\IDBConnection; @@ -179,6 +180,9 @@ public function getPasswordHash(string $userId): ?string { } public function setPasswordHash(string $userId, string $passwordHash): bool { + if (!$this->hasher->validate($passwordHash)) { + throw new InvalidArgumentException(); + } $qb = $this->dbConn->getQueryBuilder(); $qb->update('guests_users') ->set('password', $qb->createNamedParameter($passwordHash)) From b52ce225761f8c8144b2f2c3858251f9422750b2 Mon Sep 17 00:00:00 2001 From: Christopher Ng Date: Thu, 11 Jul 2024 15:44:12 -0700 Subject: [PATCH 3/4] chore: Bump nextcloud/ocp Signed-off-by: Christopher Ng --- composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/composer.lock b/composer.lock index 558d6934..c396a3f2 100644 --- a/composer.lock +++ b/composer.lock @@ -858,16 +858,16 @@ "source": { "type": "git", "url": "https://github.com/nextcloud-deps/ocp.git", - "reference": "cb36d570c3b7aae1735599cc4b3614b9ce5c9c79" + "reference": "5460600953d265eb408baa990102b7ffb5c47134" }, "dist": { "type": "zip", - "url": "https://github.com/gitapi/repos/nextcloud-deps/ocp/zipball/cb36d570c3b7aae1735599cc4b3614b9ce5c9c79", - "reference": "cb36d570c3b7aae1735599cc4b3614b9ce5c9c79", + "url": "https://github.com/gitapi/repos/nextcloud-deps/ocp/zipball/5460600953d265eb408baa990102b7ffb5c47134", + "reference": "5460600953d265eb408baa990102b7ffb5c47134", "shasum": "" }, "require": { - "php": "~8.0 || ~8.1 || ~8.2", + "php": "~8.0 || ~8.1 || ~8.2 || ~8.3", "psr/clock": "^1.0", "psr/container": "^2.0.2", "psr/event-dispatcher": "^1.0", @@ -877,7 +877,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "28.0.0-dev" + "dev-master": "30.0.0-dev" } }, "notification-url": "https://packagist.org/downloads/", @@ -895,7 +895,7 @@ "issues": "https://github.com/nextcloud-deps/ocp/issues", "source": "https://github.com/nextcloud-deps/ocp/tree/master" }, - "time": "2023-08-26T00:28:49+00:00" + "time": "2024-07-11T00:37:32+00:00" }, { "name": "nikic/php-parser", From 4166c63ef44dbb585b6d14a3741cbc673d26dfa6 Mon Sep 17 00:00:00 2001 From: Christopher Ng Date: Thu, 11 Jul 2024 15:48:35 -0700 Subject: [PATCH 4/4] chore: Bump to v4 Signed-off-by: Christopher Ng --- appinfo/info.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index 8c972628..27a9c96e 100755 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -9,7 +9,7 @@ Guests accounts can be created from the share menu by entering either the recipients email or name and choosing "create guest account", once the share is created the guest user will receive an email notification about the mail with a link to set their password. Guests users can only access files shared to them and cannot create any files outside of shares, additionally, the apps accessible to guest accounts are whitelisted.]]> - 3.2.0 + 4.0.0 agpl Nextcloud @@ -26,7 +26,7 @@ Guests users can only access files shared to them and cannot create any files ou https://github.com/raw/nextcloud/guests/master/screenshots/settings.png https://github.com/raw/nextcloud/guests/master/screenshots/dropdown.png - + OCA\Guests\Command\ListCommand