Skip to content

Commit

Permalink
Merge pull request #32391 from owncloud/stable10CompageUID
Browse files Browse the repository at this point in the history 
[stable10] compare UIDs instead of objects when changing email address
  • Loading branch information
@individual-it
individual-it authored Aug 21, 2018
2 parents babbc2a + 7944293 commit 6b02b7b
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 4 deletions.
2 changes: 1 addition & 1 deletion settings/Controller/UsersController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -823,7 +823,7 @@ public function changeMail($token, $userId) {
$user = $this->userManager->get($userId);
$sessionUser = $this->userSession->getUser();

if ($user !== $sessionUser) {
if ($user->getUID() !== $sessionUser->getUID()) {
$this->log->error("The logged in user is different than expected.", ['app' => 'settings']);
return new RedirectResponse($this->urlGenerator->linkToRoute('settings.SettingsPage.getPersonal', ['changestatus' => 'error']));
}
Expand Down
17 changes: 14 additions & 3 deletions tests/Settings/Controller/UsersControllerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2306,14 +2306,25 @@ public function testSetDisplayNameFails() {
public function testDifferentLoggedUserAndRequestUser() {
$token = 'AVerySecretToken';
$userId = 'ExistingUser';
$differentUserId = 'ExistingUser2';
$mailAddress = 'sample@email.com';
$userObject = $this->getMockBuilder('OCP\IUser')
$userObject = $this->getMockBuilder(IUser::class)
->disableOriginalConstructor()->getMock();
$diffUserObject = $this->getMockBuilder('OCP\IUser')
$userObject
->expects($this->atLeastOnce())
->method('getUID')
->willReturn($userId);

$diffUserObject = $this->getMockBuilder(IUser::class)
->disableOriginalConstructor()->getMock();

$diffUserObject
->expects($this->atLeastOnce())
->method('getUID')
->willReturn($differentUserId);

$this->container['UserManager']
->expects($this->once())
->expects($this->atLeastOnce())
->method('get')
->with($userId)
->will($this->returnValue($userObject));
Expand Down

0 comments on commit 6b02b7b

Please sign in to comment.