diff options
author | Joas Schilling <coding@schilljs.com> | 2023-01-09 14:53:12 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-01-09 14:53:12 +0100 |
commit | 55d8aec7597ab29031abda47da9afa15a16b0a4a (patch) | |
tree | 21489c013cf4933c6724eacf39a3d8e6ad794476 /lib | |
parent | 3892c3edc91bcb32f31ccc50fc88c3451c7830d4 (diff) | |
download | nextcloud-server-55d8aec7597ab29031abda47da9afa15a16b0a4a.tar.gz nextcloud-server-55d8aec7597ab29031abda47da9afa15a16b0a4a.zip |
fix(authentication): Only verify each hash once
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 7f1b10e0956..651540f934a 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -448,9 +448,11 @@ class PublicKeyTokenProvider implements IProvider { // Update the password for all tokens $tokens = $this->mapper->getTokenByUser($uid); $passwordHash = $this->hashPassword($password); + $verifiedHashes = []; foreach ($tokens as $t) { - $publicKey = $t->getPublicKey(); - if ($t->getPasswordHash() === null || $this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) { + if ($t->getPasswordHash() === null || isset($verifiedHashes[$t->getPasswordHash()]) || $this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) { + $verifiedHashes[$t->getPasswordHash() ?: ''] = true; + $publicKey = $t->getPublicKey(); $t->setPassword($this->encryptPassword($password, $publicKey)); $t->setPasswordHash($passwordHash); $t->setPasswordInvalid(false); |