From f8da1e68a3839496d1cf694e06cccc892a5843cf Mon Sep 17 00:00:00 2001 From: Lukas Metzger Date: Thu, 12 Apr 2018 14:12:11 +0200 Subject: [PATCH] Fixed bug where invalid key was not recognized on update --- backend/src/operations/Credentials.php | 29 +++++++++++++------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/backend/src/operations/Credentials.php b/backend/src/operations/Credentials.php index 57e0538..428a3bb 100644 --- a/backend/src/operations/Credentials.php +++ b/backend/src/operations/Credentials.php @@ -210,19 +210,6 @@ class Credentials */ public function updateCredential(int $record, int $credential, ? string $description, ? string $type, ? string $key, ? string $password) : array { - if ($type === 'key') { - if (openssl_pkey_get_public($key) === false) { - throw new \Exceptions\InvalidKeyException(); - } - $secret = $key; - } elseif ($type === 'password') { - $secret = password_hash($password, PASSWORD_DEFAULT); - } elseif ($type === null) { - $secret = null; - } else { - throw new \Exceptions\SemanticException(); - } - $this->db->beginTransaction(); $query = $this->db->prepare('SELECT id,record,description,type,security FROM remote WHERE id=:id AND record=:record'); @@ -241,10 +228,24 @@ class Credentials $type = $type !== null ? $type : $record['type']; $secret = $secret !== null ? $secret : $record['security']; - $query = $this->db->prepare('UPDATE remote SET description=:description,type=:type,security=:security'); + if ($type === 'key') { + if (openssl_pkey_get_public($key) === false) { + throw new \Exceptions\InvalidKeyException(); + } + $secret = $key; + } elseif ($type === 'password') { + $secret = password_hash($password, PASSWORD_DEFAULT); + } elseif ($type === null) { + $secret = null; + } else { + throw new \Exceptions\SemanticException(); + } + + $query = $this->db->prepare('UPDATE remote SET description=:description,type=:type,security=:security WHERE id=:credential'); $query->bindValue(':description', $description); $query->bindValue(':type', $type); $query->bindValue(':security', $secret); + $query->bindValue(':credential', $credential); $query->execute(); $this->db->commit();