diff options
| author | Simon L <szaimen@e.mail.de> | 2023-03-14 13:14:34 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-14 13:14:34 +0100 |
| commit | 5cba7f006265e67f8ce896bfa289c9bffcf06b94 (patch) | |
| tree | 66f7673800010a3420af25a53fc34ff574cf902f | |
| parent | 59185918744093370a3596d4929359ceb4b21c20 (diff) | |
| parent | 6881d2f2f15976514cc52d6ea49ff09c5bb81d2b (diff) | |
| download | nextcloud-server-5cba7f006265e67f8ce896bfa289c9bffcf06b94.tar.gz nextcloud-server-5cba7f006265e67f8ce896bfa289c9bffcf06b94.zip | |
Merge pull request #37192 from n0emis/empty-password
Don't try to hash a nonexisting password
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 38bbef8fb61..824e2e056c8 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -113,7 +113,7 @@ class PublicKeyTokenProvider implements IProvider { // We need to check against one old token to see if there is a password // hash that we can reuse for detecting outdated passwords $randomOldToken = $this->mapper->getFirstTokenForUser($uid); - $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash()); + $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $password !== null && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash()); $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); |