1 files changed, 9 insertions, 1 deletions

diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index bd39dd11460..8e31d7e23ca 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -10,6 +10,7 @@ namespace OC\Authentication\LoginCredentials;
 
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Token\IProvider;
+use OC\Security\Crypto;
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\LoginCredentials\ICredentials;
@@ -29,12 +30,17 @@ class Store implements IStore {
 	/** @var IProvider|null */
 	private $tokenProvider;
 
+	/** @var Crypto|null */
+	private $crypto;
+
 	public function __construct(ISession $session,
 		LoggerInterface $logger,
-		?IProvider $tokenProvider = null) {
+		?IProvider $tokenProvider = null,
+		?Crypto $crypto = null) {
 		$this->session = $session;
 		$this->logger = $logger;
 		$this->tokenProvider = $tokenProvider;
+		$this->crypto = $crypto;
 
 		Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
 	}
@@ -45,6 +51,7 @@ class Store implements IStore {
 	 * @param array $params
 	 */
 	public function authenticate(array $params) {
+		$params['password'] = $this->crypto->encrypt((string)$params['password']);
 		$this->session->set('login_credentials', json_encode($params));
 	}
 
@@ -91,6 +98,7 @@ class Store implements IStore {
 		if ($trySession && $this->session->exists('login_credentials')) {
 			/** @var array $creds */
 			$creds = json_decode($this->session->get('login_credentials'), true);
+			$creds['password'] = $this->crypto->decrypt($creds['password']);
 			return new Credentials(
 				$creds['uid'],
 				$creds['loginName'] ?? $this->session->get('loginname') ?? $creds['uid'], // Pre 20 didn't have a loginName property, hence fall back to the session value and then to the UID