diff options
| author | Julius Härtl <jus@bitgrid.net> | 2022-03-10 11:38:14 +0100 |
|---|---|---|
| committer | Julius Härtl <jus@bitgrid.net> | 2022-03-10 14:01:21 +0100 |
| commit | a6796b424784561f4ab76d04324985f1f2f6a75f (patch) | |
| tree | 6a47b0b77ed8f82434c60ff57ba9ea70163f46fb /lib/private/Security/Crypto.php | |
| parent | 553cb499b2abf51b1edd9b2deb309cec6cff35b6 (diff) | |
| download | nextcloud-server-a6796b424784561f4ab76d04324985f1f2f6a75f.tar.gz nextcloud-server-a6796b424784561f4ab76d04324985f1f2f6a75f.zip | |
Fix decryption fallback after adding a secret
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'lib/private/Security/Crypto.php')
| -rw-r--r-- | lib/private/Security/Crypto.php | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php index d3b62dc7e4d..ece69d6deeb 100644 --- a/lib/private/Security/Crypto.php +++ b/lib/private/Security/Crypto.php @@ -122,14 +122,19 @@ class Crypto implements ICrypto { * @throws Exception If the decryption failed */ public function decrypt(string $authenticatedCiphertext, string $password = ''): string { - if ($password === '') { - $password = $this->config->getSystemValue('secret'); - } + $secret = $this->config->getSystemValue('secret'); try { + if ($password === '') { + return $this->decryptWithoutSecret($authenticatedCiphertext, $secret); + } return $this->decryptWithoutSecret($authenticatedCiphertext, $password); } catch (Exception $e) { - // Retry with empty secret as a fallback for instances where the secret might not have been set by accident - return $this->decryptWithoutSecret($authenticatedCiphertext, ''); + if ($password === '') { + // Retry with empty secret as a fallback for instances where the secret might not have been set by accident + return $this->decryptWithoutSecret($authenticatedCiphertext, ''); + } + + throw $e; } } |