fix(authentication): Invert the logic to the original intention

We need to store the new authentication details when the hash did **not** verify
the old password.

Signed-off-by: Joas Schilling <coding@schilljs.com>

1 files changed, 3 insertions, 2 deletions

diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 651540f934a..adac86dd073 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -450,13 +450,14 @@ class PublicKeyTokenProvider implements IProvider {
 		$passwordHash = $this->hashPassword($password);
 		$verifiedHashes = [];
 		foreach ($tokens as $t) {
-			if ($t->getPasswordHash() === null || isset($verifiedHashes[$t->getPasswordHash()]) || $this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
-				$verifiedHashes[$t->getPasswordHash() ?: ''] = true;
+			if ($t->getPasswordHash() === null || !isset($verifiedHashes[$t->getPasswordHash()]) || !$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
 				$publicKey = $t->getPublicKey();
 				$t->setPassword($this->encryptPassword($password, $publicKey));
 				$t->setPasswordHash($passwordHash);
 				$t->setPasswordInvalid(false);
 				$this->updateToken($t);
+			} else {
+				$verifiedHashes[$t->getPasswordHash() ?: ''] = true;
 			}
 		}
 	}