fix: Use hashed password in files_external settingsartonge/feat/compare_hashed_password_when_updating_global_cred_in_files_external

Signed-off-by: Louis Chemineau <louis@chmn.me>

1 files changed, 8 insertions, 0 deletions

diff --git a/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php b/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php
index ca1c9ca2bee..f11dab2785f 100644
--- a/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php
+++ b/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php
@@ -19,6 +19,7 @@ use OCP\Security\ICredentialsManager;
  */
 class GlobalAuth extends AuthMechanism {
 	public const CREDENTIALS_IDENTIFIER = 'password::global';
+	private const PWD_PLACEHOLDER = '************************';
 
 	/** @var ICredentialsManager */
 	protected $credentialsManager;
@@ -41,11 +42,18 @@ class GlobalAuth extends AuthMechanism {
 				'password' => ''
 			];
 		} else {
+			$auth['password'] = self::PWD_PLACEHOLDER;
 			return $auth;
 		}
 	}
 
 	public function saveAuth($uid, $user, $password) {
+		// Use old password if it has not changed.
+		if ($password === self::PWD_PLACEHOLDER) {
+			$auth = $this->credentialsManager->retrieve($uid, self::CREDENTIALS_IDENTIFIER);
+			$password = $auth['password'];
+		}
+
 		$this->credentialsManager->store($uid, self::CREDENTIALS_IDENTIFIER, [
 			'user' => $user,
 			'password' => $password