Skip to content

Commit

Permalink
fix(authentication): Handle null or empty string password hash
Browse files Browse the repository at this point in the history
This can happen when the auth.storeCryptedPassword config is used,
which previously errored with:
Hasher::verify(): Argument nextcloud#2 ($hash) must be of type string, null given

Signed-off-by: Joas Schilling <coding@schilljs.com>
  • Loading branch information
nickvergessen authored and summersab committed Jun 26, 2023
1 parent 9e2e502 commit 1ba379b
Showing 1 changed file with 1 addition and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ public function generateToken(string $token,
// We need to check against one old token to see if there is a password
// hash that we can reuse for detecting outdated passwords
$randomOldToken = $this->mapper->getFirstTokenForUser($uid);
$oldTokenMatches = $randomOldToken && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
$oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());

$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);

Expand Down

0 comments on commit 1ba379b

Please sign in to comment.