aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEmber 'n0emis' Keske <git@n0emis.eu>2023-03-13 10:32:53 +0100
committerEmber 'n0emis' Keske <git@n0emis.eu>2023-03-13 10:32:53 +0100
commit6881d2f2f15976514cc52d6ea49ff09c5bb81d2b (patch)
treeb26fdcb4ec40518a406034e72e027dae54e28ecf
parentade49e0b15e408bf00dd24f5641bd9a29a18f05c (diff)
downloadnextcloud-server-6881d2f2f15976514cc52d6ea49ff09c5bb81d2b.tar.gz
nextcloud-server-6881d2f2f15976514cc52d6ea49ff09c5bb81d2b.zip
Don't try to hash a nonexisting password
Allows to log-in via a passwordless authentication provider, eg SSO Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
-rw-r--r--lib/private/Authentication/Token/PublicKeyTokenProvider.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 38bbef8fb61..824e2e056c8 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -113,7 +113,7 @@ class PublicKeyTokenProvider implements IProvider {
// We need to check against one old token to see if there is a password
// hash that we can reuse for detecting outdated passwords
$randomOldToken = $this->mapper->getFirstTokenForUser($uid);
- $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
+ $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $password !== null && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);