upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

fix(authentication): Only hash the new password when needed

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2023-01-09 15:58:26 +01:00
parent c5bb19641c
commit 28b18d561c
No known key found for this signature in database
GPG key ID: 74434EFE0D2E2205
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/private/Authentication/Token/PublicKeyTokenProvider.php
View file

@ -447,13 +447,17 @@ class PublicKeyTokenProvider implements IProvider {
// Update the password for all tokens
$tokens = $this->mapper->getTokenByUser($uid);
$passwordHash = $this->hashPassword($password);
$newPasswordHash = null;
$verifiedHashes = [];
foreach ($tokens as $t) {
if ($t->getPasswordHash() === null || !isset($verifiedHashes[$t->getPasswordHash()]) || !$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
if ($newPasswordHash === null) {
$newPasswordHash = $this->hashPassword($password);
}
$publicKey = $t->getPublicKey();
$t->setPassword($this->encryptPassword($password, $publicKey));
$t->setPasswordHash($passwordHash);
$t->setPasswordHash($newPasswordHash);
$t->setPasswordInvalid(false);
$this->updateToken($t);
} else {