diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Authentication/Listeners/UserLoggedInListener.php | 5 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/lib/private/Authentication/Listeners/UserLoggedInListener.php b/lib/private/Authentication/Listeners/UserLoggedInListener.php index e33f2bc04ca..88298889057 100644 --- a/lib/private/Authentication/Listeners/UserLoggedInListener.php +++ b/lib/private/Authentication/Listeners/UserLoggedInListener.php @@ -48,6 +48,11 @@ class UserLoggedInListener implements IEventListener { return; } + // prevent setting an empty pw as result of pw-less-login + if ($event->getPassword() === '') { + return; + } + // If this is already a token login there is nothing to do if ($event->isTokenLogin()) { return; diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index ab9ff23dfd1..e8149319904 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -413,6 +413,11 @@ class PublicKeyTokenProvider implements IProvider { public function updatePasswords(string $uid, string $password) { $this->cache->clear(); + // prevent setting an empty pw as result of pw-less-login + if ($password === '') { + return; + } + // Update the password for all tokens $tokens = $this->mapper->getTokenByUser($uid); foreach ($tokens as $t) { |