allow captured password for operationMode=local as well

2018-05-28 10:29:41 +02:00
parent a8903dcf9a
commit 9a93b88d11
3 changed files with 18 additions and 15 deletions
--- a/cron.php
+++ b/cron.php
@@ -19,7 +19,9 @@ require_once(__DIR__ . "/language.php");
 require_once(__DIR__ . "/mail_templates.php");
 require_once(__DIR__ . "/database.php");

-$sql = "SELECT id, first_name, last_name, username, email, state, note, verify_token, admin_token FROM registrations "
+$sql = "SELECT id, first_name, last_name, username, password, email,"
+        . " state, note, verify_token, admin_token "
+        . "FROM registrations "
        . "WHERE state = " . RegisterState::PendingEmailSend
        . " OR state = " . RegisterState::PendingAdminSend
        . " OR state = " . RegisterState::PendingRegistration
@@ -87,7 +89,7 @@ foreach ($mx_db->query($sql) as $row) {
                        break;
                    case "local":
                        // register by adding a user to the local database
-                        $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["email"]);
+                        $password = $mx_db->addUser($row["first_name"], $row["last_name"], $row["username"], $row["password"], $row["email"]);
                        break;
                    default:
                        throw new Exception("Unknown operationMode");
--- a/database.php
+++ b/database.php
@@ -98,7 +98,7 @@ class mxDatabase {
 			)");
        // make sure the bot is allowed to login
        if (!$this->userRegistered("register_bot")) {
-            $password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]);
+            $password = $this->addUser("Register", "Bot", "register_bot", NULL, $config["register_email"]);
            $config["register_password"] = $password;
            $myfile = fopen(dirname(__FILE__) . "/config.json", "w");
            fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT));
@@ -283,14 +283,16 @@ class mxDatabase {
     * 			NULL when failed
     *
     */
-    function addUser($first_name, $last_name, $username, $email) {
+    function addUser($first_name, $last_name, $username, $password, $email) {
        // check if user already exists and abort in that case
        if ($this->userRegistered($username)) {
            return NULL;
        }

-        // generate a password with 10 characters
-        $password = bin2hex(openssl_random_pseudo_bytes(5));
+        if ($password == NULL) {
+            // generate a password with 10 characters
+            $password = bin2hex(openssl_random_pseudo_bytes(5));
+        }
        $password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 12]);

        $sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "
--- a/public/verify_admin.php
+++ b/public/verify_admin.php
@@ -72,16 +72,16 @@ try {

        $password = NULL;
        $use_db_password = (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]);
+        if ($use_db_password && isset($user["password"]) && strlen($user["password"]) > 0) {
+            $password = $user["password"];
+        } else {
+            $use_db_password = false;
+            // generate a password with 10 characters
+            $password = bin2hex(openssl_random_pseudo_bytes(5));
+        }
        switch ($config["operationMode"]) {
            case "synapse":
                // register with registration_shared_secret
-                if ($use_db_password && isset($user["password"]) && strlen($user["password"]) > 0) {
-                    $password = $user["password"];
-                } else {
-                    $use_db_password = false;
-                    // generate a password with 10 characters
-                    $password = bin2hex(openssl_random_pseudo_bytes(5));
-                }
                $res = $mxConn->register($username, $password, $config["registration_shared_secret"]);
                if (!$res) {
                    // something went wrong while registering
@@ -90,8 +90,7 @@ try {
                break;
            case "local":
                // register by adding a user to the local database
-                $use_db_password = false; // requires restructure to use db-provided pw
-                $password = $mx_db->addUser($first_name, $last_name, $username, $email);
+                $password = $mx_db->addUser($first_name, $last_name, $username, $password, $email);
                break;
            default:
                throw new Exception("Unknown operationMode");