author | Ember 'n0emis' Keske <git@n0emis.eu> | 2023-03-13 10:32:53 +0100 |
---|---|---|
committer | Ember 'n0emis' Keske <git@n0emis.eu> | 2023-03-13 10:32:53 +0100 |
commit | 6881d2f2f15976514cc52d6ea49ff09c5bb81d2b (patch) | |
tree | b26fdcb4ec40518a406034e72e027dae54e28ecf | |
parent | ade49e0b15e408bf00dd24f5641bd9a29a18f05c (diff) | |
Don't try to hash a nonexisting password
Allows logging in via a passwordless authentication provider, e.g. SSO
Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
-rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 38bbef8fb61..824e2e056c8 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -113,7 +113,7 @@ class PublicKeyTokenProvider implements IProvider {
  // We need to check against one old token to see if there is a password
  // hash that we can reuse for detecting outdated passwords
  $randomOldToken = $this->mapper->getFirstTokenForUser($uid);
- $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
+ $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $password !== null && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
  $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); |
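Review bot: With the added `$password !== null` conjunct, a passwordless login now leaves `$oldTokenMatches` false, which is presumably the same value a changed or wrong password produces, so whatever the code after this hunk does on a mismatch also applies to SSO sessions. The enclosing method starts and ends outside the hunk, so please confirm that path does not treat a missing password as an outdated one. The comment above the assignment still describes only the hash-reuse case; I would add `// $password is null for passwordless providers (e.g. SSO): nothing to compare, so the old hash is never reused`. An empty string still passes the guard and reaches `sha1()` and `verify()`, so if a provider can pass `''` instead of `null`, that case needs an explicit decision as well. The diffstat shows only this file changed; a unit test that calls the enclosing method with a null password while an older token carries a hash would pin the intended behaviour.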