author | Joas Schilling <coding@schilljs.com> | 2023-01-09 16:12:01 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-01-09 16:32:36 +0100 |
commit | 2fb4dac7adbafc8c2896bf72eb158fb90abf05a2 (patch) | |
tree | ac0499ac237ab8b50732e98deca787c2315646d4 /lib/private/Authentication | |
parent | 28b18d561cea2f77ca6cc70c4052001e41b57620 (diff) | |
fix(authentication): Update the token when the hash is null or can not be verified
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/private/Authentication')
-rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 6cf6b8f858c..c8adec24b31 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -448,9 +448,28 @@ class PublicKeyTokenProvider implements IProvider {
 // Update the password for all tokens
 $tokens = $this->mapper->getTokenByUser($uid);
 $newPasswordHash = null;
- $verifiedHashes = [];
+
+ /**
+ * - true: The password hash could not be verified anymore
+ * and the token needs to be updated with the newly encrypted password
+ * - false: The hash could still be verified
+ * - missing: The hash needs to be verified
+ */
+ $hashNeedsUpdate = [];
+
 foreach ($tokens as $t) {
- if ($t->getPasswordHash() === null || !isset($verifiedHashes[$t->getPasswordHash()]) || !$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
+ if (!isset($hashNeedsUpdate[$t->getPasswordHash()])) {
+ if ($t->getPasswordHash() === null) {
+ $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true;
+ } elseif (!$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
+ $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = true;
+ } else {
+ $hashNeedsUpdate[$t->getPasswordHash() ?: ''] = false;
+ }
+ }
+ $needsUpdating = $hashNeedsUpdate[$t->getPasswordHash() ?: ''] ?? true;
+
+ if ($needsUpdating) {
 if ($newPasswordHash === null) {
 $newPasswordHash = $this->hashPassword($password);
 }
@@ -460,8 +479,6 @@ class PublicKeyTokenProvider implements IProvider {
 $t->setPasswordHash($newPasswordHash);
 $t->setPasswordInvalid(false);
 $this->updateToken($t);
- } else {
- $verifiedHashes[$t->getPasswordHash() ?: ''] = true;
 }
 }
 } |
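Review bot: The cache in the first hunk is probed with the raw hash in `isset($hashNeedsUpdate[$t->getPasswordHash()])` but written and read back under `$t->getPasswordHash() ?: ''`, so the null-hash case only lines up because PHP coerces a null array key to the empty string. Computing the key once at the top of the loop, `$hashKey = $t->getPasswordHash() ?: '';`, and using `$hashKey` for the `isset`, the three assignments and the final read makes that explicit and lets the unreachable `?? true` fallback go. The null branch and the failed-`verify()` branch both store `true` and could be merged into one condition. Since this loop decides which tokens receive the newly hashed password, a unit test with a null-hash token and two tokens sharing one hash would pin that `verify()` runs once per distinct hash; the diffstat shown is limited to `lib/private/Authentication`, so whether such a test exists is not visible here. The enclosing method starts and ends outside the hunk.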