Merge pull request #29131 from nextcloud/backport/27886/stable20

[stable20] Keep pw based auth tokens valid when pw-less login happens

lib/private/Authentication/Listeners/UserLoggedInListener.php

@@ -48,6 +48,11 @@ class UserLoggedInListener implements IEventListener {
 			return;
 		}
 
+		// prevent setting an empty pw as result of pw-less-login
+		if ($event->getPassword() === '') {
+			return;
+		}
+
 		// If this is already a token login there is nothing to do
 		if ($event->isTokenLogin()) {
 			return;

lib/private/Authentication/Token/PublicKeyTokenProvider.php

@@ -419,6 +419,11 @@ class PublicKeyTokenProvider implements IProvider {
 			return;
 		}
 
+		// prevent setting an empty pw as result of pw-less-login
+		if ($password === '') {
+			return;
+		}
+
 		// Update the password for all tokens
 		$tokens = $this->mapper->getTokenByUser($uid);
 		foreach ($tokens as $t) {