From 1aa9c9164d73be7aabb5a2ff18e8999c55e33a48 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 9 Nov 2020 17:33:05 +0100 Subject: Fix comparing the empty string for global credentials Signed-off-by: Joas Schilling --- lib/private/Security/CredentialsManager.php | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'lib/private/Security/CredentialsManager.php') diff --git a/lib/private/Security/CredentialsManager.php b/lib/private/Security/CredentialsManager.php index a40a7e1d88e..20af25ae10f 100644 --- a/lib/private/Security/CredentialsManager.php +++ b/lib/private/Security/CredentialsManager.php @@ -81,9 +81,13 @@ class CredentialsManager implements ICredentialsManager { $qb = $this->dbConnection->getQueryBuilder(); $qb->select('credentials') ->from(self::DB_TABLE) - ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))) - ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) - ; + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); + + if ($userId === '') { + $qb->andWhere($qb->expr()->emptyString('user')); + } else { + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))); + } $qResult = $qb->execute(); $result = $qResult->fetch(); @@ -107,9 +111,14 @@ class CredentialsManager implements ICredentialsManager { public function delete($userId, $identifier) { $qb = $this->dbConnection->getQueryBuilder(); $qb->delete(self::DB_TABLE) - ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))) - ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) - ; + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); + + if ($userId === '') { + $qb->andWhere($qb->expr()->emptyString('user')); + } else { + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))); + } + return $qb->execute(); } -- cgit v1.2.3