From 28b18d561cea2f77ca6cc70c4052001e41b57620 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Mon, 9 Jan 2023 15:58:26 +0100
Subject: [PATCH] fix(authentication): Only hash the new password when needed

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 .../Authentication/Token/PublicKeyTokenProvider.php       | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index adac86dd073..6cf6b8f858c 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -447,13 +447,17 @@ class PublicKeyTokenProvider implements IProvider {
 
 		// Update the password for all tokens
 		$tokens = $this->mapper->getTokenByUser($uid);
-		$passwordHash = $this->hashPassword($password);
+		$newPasswordHash = null;
 		$verifiedHashes = [];
 		foreach ($tokens as $t) {
 			if ($t->getPasswordHash() === null || !isset($verifiedHashes[$t->getPasswordHash()]) || !$this->hasher->verify(sha1($password) . $password, $t->getPasswordHash())) {
+				if ($newPasswordHash === null) {
+					$newPasswordHash = $this->hashPassword($password);
+				}
+
 				$publicKey = $t->getPublicKey();
 				$t->setPassword($this->encryptPassword($password, $publicKey));
-				$t->setPasswordHash($passwordHash);
+				$t->setPasswordHash($newPasswordHash);
 				$t->setPasswordInvalid(false);
 				$this->updateToken($t);
 			} else {