summaryrefslogtreecommitdiffstats
path: root/lib/private/Security/VerificationToken/VerificationToken.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Security/VerificationToken/VerificationToken.php')
-rw-r--r--lib/private/Security/VerificationToken/VerificationToken.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/private/Security/VerificationToken/VerificationToken.php b/lib/private/Security/VerificationToken/VerificationToken.php
index c85e0e7b5a1..2d3f902b622 100644
--- a/lib/private/Security/VerificationToken/VerificationToken.php
+++ b/lib/private/Security/VerificationToken/VerificationToken.php
@@ -84,10 +84,15 @@ class VerificationToken implements IVerificationToken {
try {
$decryptedToken = $this->crypto->decrypt($encryptedToken, $passwordPrefix.$this->config->getSystemValue('secret'));
} catch (\Exception $e) {
- $this->throwInvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR);
+ // Retry with empty secret as a fallback for instances where the secret might not have been set by accident
+ try {
+ $decryptedToken = $this->crypto->decrypt($encryptedToken, $passwordPrefix);
+ } catch (\Exception $e2) {
+ $this->throwInvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR);
+ }
}
- $splitToken = explode(':', $decryptedToken ?? '');
+ $splitToken = explode(':', $decryptedToken);
if (count($splitToken) !== 2) {
$this->throwInvalidTokenException(InvalidTokenException::TOKEN_INVALID_FORMAT);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 08:30:47 +0000