From 0f7260de03b3fd5b1cf70cd79a1d6c77faeb56f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Thu, 10 Mar 2022 11:38:14 +0100
Subject: [PATCH] Fix decryption fallback after adding a secret
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
(cherry picked from commit a6796b424784561f4ab76d04324985f1f2f6a75f)
---
 lib/private/Security/Crypto.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
index d3b62dc7e4d..ece69d6deeb 100644
--- a/lib/private/Security/Crypto.php
+++ b/lib/private/Security/Crypto.php
@@ -122,14 +122,19 @@ class Crypto implements ICrypto {
 	 * @throws Exception If the decryption failed
 	 */
 	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
+		$secret = $this->config->getSystemValue('secret');
 		try {
+			if ($password === '') {
+				return $this->decryptWithoutSecret($authenticatedCiphertext, $secret);
+			}
 			return $this->decryptWithoutSecret($authenticatedCiphertext, $password);
 		} catch (Exception $e) {
-			// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
-			return $this->decryptWithoutSecret($authenticatedCiphertext, '');
+			if ($password === '') {
+				// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
+				return $this->decryptWithoutSecret($authenticatedCiphertext, '');
+			}
+
+			throw $e;
 		}
 	}