From c390ae94ff21c553fadc6645ca311eb42a46195f Mon Sep 17 00:00:00 2001
From: Christopher Ng <chrng8@gmail.com>
Date: Thu, 27 Jun 2024 16:58:06 -0700
Subject: feat: Validate password hash

Signed-off-by: Christopher Ng <chrng8@gmail.com>
---
 lib/private/User/Database.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/private/User')

diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index 194e998ef4f..bd6aa7ba2c2 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -8,6 +8,7 @@ declare(strict_types=1);
  */
 namespace OC\User;
 
+use InvalidArgumentException;
 use OCP\AppFramework\Db\TTransactional;
 use OCP\Cache\CappedMemoryCache;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -200,6 +201,9 @@ class Database extends ABackend implements
 	}
 
 	public function setPasswordHash(string $userId, string $passwordHash): bool {
+		if (!\OCP\Server::get(IHasher::class)->validate($passwordHash)) {
+			throw new InvalidArgumentException();
+		}
 		$this->fixDI();
 		$result = $this->updatePassword($userId, $passwordHash);
 		if (!$result) {
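Review bot: The `InvalidArgumentException` thrown at the top of `setPasswordHash` carries no message, so a rejected hash reaches logs and callers with nothing saying what was wrong. A fixed string such as `throw new InvalidArgumentException('Invalid password hash format');` would do, and it should not echo the hash value itself. The method is declared `: bool` and no docblock is visible in the hunk, so callers that only test the return value need to be told about the throw; a `@throws InvalidArgumentException` line on the method would cover that. `IHasher::class` depends on a `use` for the hasher interface that is not among the import lines shown in the first hunk; it is presumably imported further down, but this is worth confirming, since otherwise the name resolves inside `OC\User`. The body of `setPasswordHash` continues past the end of the hunk.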
-- 
cgit v1.2.3