-rw-r--r--lib/Controller/RoomController.php2
-rw-r--r--lib/Manager.php9
-rw-r--r--lib/Migration/Version2001Date20170921145301.php (renamed from lib/Migration/Version2001003Date20170911145301.php)4
-rw-r--r--lib/Room.php27
4 files changed, 25 insertions, 17 deletions
diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index fa56e0b1f..c8896c8bc 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -184,7 +184,7 @@ class RoomController extends OCSController {
'sessionId' => isset($participants['users'][$this->userId]['sessionId']) ? $participants['users'][$this->userId]['sessionId'] : '0',
'participants' => $participantList,
'numGuests' => $numActiveGuests,
- 'hasPassword' => $room->getPassword() !== '',
+ 'hasPassword' => $room->hasPassword(),
];
if ($this->userId !== null) {
diff --git a/lib/Manager.php b/lib/Manager.php
index a031b7e79..d7bee894b 100644
--- a/lib/Manager.php
+++ b/lib/Manager.php
@@ -26,6 +26,7 @@ use OCA\Spreed\Exceptions\RoomNotFoundException;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\IConfig;
use OCP\IDBConnection;
+use OCP\Security\IHasher;
use OCP\Security\ISecureRandom;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -39,6 +40,8 @@ class Manager {
private $secureRandom;
/** @var EventDispatcherInterface */
private $dispatcher;
+ /** @var IHasher */
+ private $hasher;
/**
* Manager constructor.
@@ -47,12 +50,14 @@ class Manager {
* @param IConfig $config
* @param ISecureRandom $secureRandom
* @param EventDispatcherInterface $dispatcher
+ * @param IHasher $hasher
*/
- public function __construct(IDBConnection $db, IConfig $config, ISecureRandom $secureRandom, EventDispatcherInterface $dispatcher) {
+ public function __construct(IDBConnection $db, IConfig $config, ISecureRandom $secureRandom, EventDispatcherInterface $dispatcher, IHasher $hasher) {
$this->db = $db;
$this->config = $config;
$this->secureRandom = $secureRandom;
$this->dispatcher = $dispatcher;
+ $this->hasher = $hasher;
}
/**
@@ -60,7 +65,7 @@ class Manager {
* @return Room
*/
protected function createRoomObject(array $row) {
- return new Room($this->db, $this->secureRandom, $this->dispatcher, (int) $row['id'], (int) $row['type'], $row['token'], $row['name'], $row['password']);
+ return new Room($this->db, $this->secureRandom, $this->dispatcher, $this->hasher, (int) $row['id'], (int) $row['type'], $row['token'], $row['name'], $row['password']);
}
/**
diff --git a/lib/Migration/Version2001003Date20170911145301.php b/lib/Migration/Version2001Date20170921145301.php
index 724df2672..efefbfd6c 100644
--- a/lib/Migration/Version2001003Date20170911145301.php
+++ b/lib/Migration/Version2001Date20170921145301.php
@@ -27,7 +27,7 @@ use Doctrine\DBAL\Types\Type;
use OCP\Migration\SimpleMigrationStep;
use OCP\Migration\IOutput;
-class Version2001003Date20170911145301 extends SimpleMigrationStep {
+class Version2001Date20170921145301 extends SimpleMigrationStep {
/**
* @param IOutput $output
@@ -52,7 +52,7 @@ class Version2001003Date20170911145301 extends SimpleMigrationStep {
$table = $schema->getTable('spreedme_rooms');
$table->addColumn('password', Type::STRING, [
'notnull' => false,
- 'length' => 64,
+ 'length' => 255,
'default' => '',
]);
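Review bot: The change from `'length' => 64` to `'length' => 255` only takes effect where `addColumn('password', ...)` actually runs, so an instance that already applied this step under its old class name would presumably keep the 64-character column. Hashes written by the new `setPassword()` may not fit there, and a truncated or rejected value would make every later password check on that room fail. If the earlier step could have shipped anywhere, add a follow-up step that widens the existing column; otherwise record the reason next to the value, e.g. `// 255: stores IHasher output, not the plain password`. The surrounding method starts and ends outside the hunk, so any existing column guard is not visible here.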
diff --git a/lib/Room.php b/lib/Room.php
index 6277e55a2..beb3c9693 100644
--- a/lib/Room.php
+++ b/lib/Room.php
@@ -30,6 +30,7 @@ use OCA\Spreed\Exceptions\ParticipantNotFoundException;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\IDBConnection;
use OCP\IUser;
+use OCP\Security\IHasher;
use OCP\Security\ISecureRandom;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\EventDispatcher\GenericEvent;
@@ -45,6 +46,8 @@ class Room {
private $secureRandom;
/** @var EventDispatcherInterface */
private $dispatcher;
+ /** @var IHasher */
+ private $hasher;
/** @var int */
private $id;
@@ -68,16 +71,18 @@ class Room {
* @param IDBConnection $db
* @param ISecureRandom $secureRandom
* @param EventDispatcherInterface $dispatcher
+ * @param IHasher $hasher
* @param int $id
* @param int $type
* @param string $token
* @param string $name
* @param string $password
*/
- public function __construct(IDBConnection $db, ISecureRandom $secureRandom, EventDispatcherInterface $dispatcher, $id, $type, $token, $name, $password) {
+ public function __construct(IDBConnection $db, ISecureRandom $secureRandom, EventDispatcherInterface $dispatcher, IHasher $hasher, $id, $type, $token, $name, $password) {
$this->db = $db;
$this->secureRandom = $secureRandom;
$this->dispatcher = $dispatcher;
+ $this->hasher = $hasher;
$this->id = $id;
$this->type = $type;
$this->token = $token;
@@ -114,10 +119,10 @@ class Room {
}
/**
- * @return string
+ * @return bool
*/
- public function getPassword() {
- return $this->password;
+ public function hasPassword() {
+ return $this->password !== '';
}
/**
@@ -232,20 +237,18 @@ class Room {
* @return bool True when the change was valid, false otherwise
*/
public function setPassword($password) {
- if ($password === $this->getPassword()) {
- return true;
- }
-
if ($this->getType() !== self::PUBLIC_CALL) {
return false;
}
+ $hash = $this->hasher->hash($password);
+
$query = $this->db->getQueryBuilder();
$query->update('spreedme_rooms')
- ->set('password', $query->createNamedParameter($password))
+ ->set('password', $query->createNamedParameter($hash))
->where($query->expr()->eq('id', $query->createNamedParameter($this->getId(), IQueryBuilder::PARAM_INT)));
$query->execute();
- $this->password = $password;
+ $this->password = $hash;
return true;
}
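Review bot: `$hash = $this->hasher->hash($password);` also runs when `$password` is the empty string, and the hunk shows no special case for it. Since `hasPassword()` is `$this->password !== ''`, a caller that passes `''` to remove the protection would store a non-empty hash and the room would stay password-protected with an empty password. Keeping the empty value unhashed avoids this: `$hash = $password !== '' ? $this->hasher->hash($password) : '';`. The docblock above should also state that the stored value is the hasher output and that `''` means "no password".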
@@ -367,7 +370,7 @@ class Room {
$result = $query->execute();
if ($result === 0) {
- if ($this->getPassword() !== '' && $this->getPassword() !== $password) {
+ if ($this->hasPassword() && $this->hasher->verify($password, $this->password)) {
throw new InvalidPasswordException();
}
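Review bot: The added condition `$this->hasPassword() && $this->hasher->verify($password, $this->password)` is inverted: `InvalidPasswordException` is thrown when the supplied password matches the stored hash, and a wrong password passes the check on a protected room. The call needs negating, `if ($this->hasPassword() && !$this->hasher->verify($password, $this->password)) {`. The identical line added in the `enterRoomAsGuest` hunk below has the same defect and needs the same fix. A test that joins a protected room once with the correct and once with a wrong password, for both the user and the guest path, would pin the intended behaviour. The enclosing method starts and ends outside this hunk.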
@@ -401,7 +404,7 @@ class Room {
public function enterRoomAsGuest($password) {
$this->dispatcher->dispatch(self::class . '::preGuestEnterRoom', new GenericEvent($this));
- if ($this->getPassword() !== '' && $this->getPassword() !== $password) {
+ if ($this->hasPassword() && $this->hasher->verify($password, $this->password)) {
throw new InvalidPasswordException();
}