From 99d49d4591c187b497c1b8578e912ef1dafdcdb7 Mon Sep 17 00:00:00 2001
From: Christopher Ng <chrng8@gmail.com>
Date: Thu, 27 Jun 2024 17:05:33 -0700
Subject: [PATCH] feat: Validate hash

Signed-off-by: Christopher Ng <chrng8@gmail.com>
---
 lib/UserBackend.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/UserBackend.php b/lib/UserBackend.php
index bb4ef3bc..0cc22a19 100644
--- a/lib/UserBackend.php
+++ b/lib/UserBackend.php
@@ -23,6 +23,7 @@
 
 namespace OCA\Guests;
 
+use InvalidArgumentException;
 use OC\Cache\CappedMemoryCache;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IDBConnection;
@@ -179,6 +180,9 @@ public function getPasswordHash(string $userId): ?string {
 	}
 
 	public function setPasswordHash(string $userId, string $passwordHash): bool {
+		if (!$this->hasher->validate($passwordHash)) {
+			throw new InvalidArgumentException();
+		}
 		$qb = $this->dbConn->getQueryBuilder();
 		$qb->update('guests_users')
 			->set('password', $qb->createNamedParameter($passwordHash))