
Commit 70f2205

bruschblankse
andauthored
Password reset - fix for possible host header injection (#362)
* Password reset - fix for possible host header injection * Update src/Controller/Admin/LoginController.php Co-authored-by: Sebastian Blank <blank@data-factory.net> --------- Co-authored-by: Sebastian Blank <blank@data-factory.net>
1 parent 9cae27b commit 70f2205


1 file changed

+22
-6
lines changed


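--- a/src/Controller/Admin/LoginController.php
+++ b/src/Controller/Admin/LoginController.php
@@ -32,6 +32,7 @@
 use Pimcore\Logger;
 use Pimcore\Model\User;
 use Pimcore\Security\SecurityHelper;
+use Pimcore\SystemSettingsConfig;
 use Pimcore\Tool;
 use Pimcore\Tool\Authentication;
 use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorInterface;
@@ -44,6 +45,7 @@
 use Symfony\Component\RateLimiter\RateLimiterFactory;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -194,7 +196,13 @@ public function loginCheckAction(Request $request): RedirectResponse
 /**
 * @Route("/login/lostpassword", name="pimcore_admin_login_lostpassword")
 */
-public function lostpasswordAction(Request $request, CsrfProtectionHandler $csrfProtection, Config $config, RateLimiterFactory $resetPasswordLimiter): Response
+public function lostpasswordAction(
+Request $request,
+CsrfProtectionHandler $csrfProtection,
+Config $config,
+RateLimiterFactory $resetPasswordLimiter,
+RouterInterface $router
+): Response
 {
 $params = $this->buildLoginPageViewParams($config);
 $error = null;
@@ -226,12 +234,20 @@ public function lostpasswordAction(Request $request, CsrfProtectionHandler $csrf
 if (!$error) {
 $token = Authentication::generateTokenByUser($user);
 
-$loginUrl = $this->generateUrl('pimcore_admin_login_check', [
-'token' => $token,
-'reset' => 'true',
-], UrlGeneratorInterface::ABSOLUTE_URL);
-
 try {
+$domain = SystemSettingsConfig::get()['general']['domain'];
+if (!$domain) {
+throw new \Exception('No main domain set in system settings, unable to generate reset password link');
+}
+
+$context = $router->getContext();
+$context->setHost($domain);
+
+$loginUrl = $this->generateUrl('pimcore_admin_login_check', [
+'token' => $token,
+'reset' => 'true',
+], UrlGeneratorInterface::ABSOLUTE_URL);
+
 $event = new LostPasswordEvent($user, $loginUrl);
 $this->eventDispatcher->dispatch($event, AdminEvents::LOGIN_LOSTPASSWORD);
 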
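Review bot: `$context->setHost($domain)` mutates the router's shared RequestContext for the rest of the request, so every URL generated after this point in the same request (the post-submit redirect, any absolute links in the rendered login template) will also carry the configured domain rather than the request host; capture the old value with `$previousHost = $context->getHost();` before the call and restore it with `$context->setHost($previousHost);` in a `finally` of the enclosing try, whose catch/finally lie outside this hunk. The `general.domain` setting is passed to `setHost()` verbatim — if it can be stored with a scheme or port (`https://example.com`, `example.com:8443`) the generated reset link will be malformed, so either validate that it is a bare hostname before use or normalise it with `parse_url()`. Pinning the host is the right mitigation for the Host-header issue; a one-line comment such as `// use the configured main domain, never the request Host header, when building the reset link` would make the intent survive future refactoring. It is also worth confirming (the catch block is not visible here) that the generic `\Exception` thrown when no domain is configured reaches the admin as a clear error instead of being swallowed as a generic "mail failed" message.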