From 1cd421383dea3a81db8c7f5af8d792c497233fb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Laumaill=C3=A9?= Date: Tue, 28 Jan 2025 18:51:50 +0100 Subject: [PATCH 1/2] Improved query for selecting an example item for password check before changing it --- sources/main.queries.php | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/sources/main.queries.php b/sources/main.queries.php index de0d20afe..0750a80b9 100755 --- a/sources/main.queries.php +++ b/sources/main.queries.php @@ -3227,14 +3227,12 @@ function changeUserAuthenticationPassword( * @param integer $post_user_id * @param string $post_previous_pwd * @param string $post_current_pwd - * @param array $SETTINGS * @return string */ function changeUserLDAPAuthenticationPassword( int $post_user_id, string $post_previous_pwd, - string $post_current_pwd, - array $SETTINGS + string $post_current_pwd ) { $session = SessionManager::getSession(); @@ -3249,7 +3247,7 @@ function changeUserLDAPAuthenticationPassword( WHERE id = %i', $post_user_id ); - + if (DB::count() > 0 && empty($userData['private_key']) === false) { // Now check if current password is correct (only if not ldap) if ($userData['auth_type'] === 'ldap' && $userData['special'] === 'auth-pwd-change') { @@ -3298,12 +3296,13 @@ function changeUserLDAPAuthenticationPassword( 'encode' ); } - // Get one itemKey from current user $currentUserKey = DB::queryFirstRow( - 'SELECT share_key, increment_id - FROM ' . prefixTable('sharekeys_items') . ' - WHERE user_id = %i + 'SELECT ski.share_key, ski.increment_id + FROM ' . prefixTable('sharekeys_items') . ' AS ski + INNER JOIN ' . prefixTable('log_items') . ' AS l ON ski.object_id = l.id_item + WHERE l.id_user = %i + ORDER BY date DESC LIMIT 1', $post_user_id ); @@ -3312,7 +3311,7 @@ function changeUserLDAPAuthenticationPassword( // Decrypt itemkey with user key // use old password to decrypt private_key $itemKey = decryptUserObjectKey($currentUserKey['share_key'], $privateKey); - + if (empty(base64_decode($itemKey)) === false) { // GOOD password // Encrypt it with current password From 4ddcd77f5750cc8a621d4df93de9c1482d748444 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Laumaill=C3=A9?= Date: Tue, 28 Jan 2025 19:51:43 +0100 Subject: [PATCH 2/2] Fix for #4554 --- sources/main.queries.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sources/main.queries.php b/sources/main.queries.php index 0750a80b9..cdd851ca2 100755 --- a/sources/main.queries.php +++ b/sources/main.queries.php @@ -3298,11 +3298,11 @@ function changeUserLDAPAuthenticationPassword( } // Get one itemKey from current user $currentUserKey = DB::queryFirstRow( - 'SELECT ski.share_key, ski.increment_id + 'SELECT ski.share_key, ski.increment_id, l.id_user FROM ' . prefixTable('sharekeys_items') . ' AS ski INNER JOIN ' . prefixTable('log_items') . ' AS l ON ski.object_id = l.id_item - WHERE l.id_user = %i - ORDER BY date DESC + WHERE ski.user_id = %i + ORDER BY RAND() LIMIT 1', $post_user_id ); @@ -3311,7 +3311,7 @@ function changeUserLDAPAuthenticationPassword( // Decrypt itemkey with user key // use old password to decrypt private_key $itemKey = decryptUserObjectKey($currentUserKey['share_key'], $privateKey); - + if (empty(base64_decode($itemKey)) === false) { // GOOD password // Encrypt it with current password