]> source.dussan.org Git - nextcloud-server.git/commitdiff
Don't try to hash a nonexisting password 37192/head
authorEmber 'n0emis' Keske <git@n0emis.eu>
Mon, 13 Mar 2023 09:32:53 +0000 (10:32 +0100)
committerEmber 'n0emis' Keske <git@n0emis.eu>
Mon, 13 Mar 2023 09:32:53 +0000 (10:32 +0100)
Allows to log-in via a passwordless authentication provider, eg SSO

Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
lib/private/Authentication/Token/PublicKeyTokenProvider.php

index 38bbef8fb61dbad5df705f74e5563136946b72f1..824e2e056c813340b933ac8462aa044255e877ea 100644 (file)
@@ -113,7 +113,7 @@ class PublicKeyTokenProvider implements IProvider {
                // We need to check against one old token to see if there is a password
                // hash that we can reuse for detecting outdated passwords
                $randomOldToken = $this->mapper->getFirstTokenForUser($uid);
-               $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
+               $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $password !== null && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
 
                $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);