author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2023-02-20 11:15:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-20 11:15:37 +0100 |
commit | c550acae6232dea20ecc2c2b231b0ee9075a99e7 (patch) | |
tree | a378ba261a2b05e7b34780fbb08fab4b9a81a12b /lib | |
parent | bba3a1ccf0b41ee212cfb43ceee2b20e66904654 (diff) | |
parent | 6417ea02655e6e16067ee1633aa3bb5ec09c5a2e (diff) | |
Merge pull request #36653 from nextcloud/bugfix/noid/more-defensive-old-token-handling
fix(authentication): Handle null or empty string password hash
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 84708065070..38bbef8fb61 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -113,7 +113,7 @@ class PublicKeyTokenProvider implements IProvider {
 // We need to check against one old token to see if there is a password
 // hash that we can reuse for detecting outdated passwords
 $randomOldToken = $this->mapper->getFirstTokenForUser($uid);
- $oldTokenMatches = $randomOldToken && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
+ $oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
 $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); |
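Review bot: The new guard on the `$oldTokenMatches` line calls `$randomOldToken->getPasswordHash()` twice and relies on PHP truthiness, so the reason for the check (an old token may carry a null or empty password hash) is visible only in the commit title. Reading the hash once and testing it explicitly would make that clearer: `$oldHash = $randomOldToken ? $randomOldToken->getPasswordHash() : null;` followed by `$oldTokenMatches = $oldHash !== null && $oldHash !== '' && $this->hasher->verify(sha1($password) . $password, $oldHash);`. The guard fails closed, since a missing hash gives `false` rather than a match, and a short comment such as `// Tokens may have no password hash; never treat that as a match` would record the intent. The enclosing method starts and ends outside the hunk, so the branch that consumes `$oldTokenMatches` is not visible here. A regression test with a first token whose hash is null or `''` would pin that path.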