We oC 8 we use the `StringUtils::equals` method which will also verify the type, since we don't anylonger hash the token twice this is required in case somebody is able to invoke this route with an empty `$token`.
try {
$user = $this->userManager->get($userId);
- if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword'), $token)) {
+ if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword', null), $token)) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}