Fix decryption fallback after adding a secret

Signed-off-by: Julius Härtl <jus@bitgrid.net>
nextcloud · Mar 10, 2022 · a6796b4 · a6796b4
1 parent 553cb49
commit a6796b4
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
@@ -122,14 +122,19 @@ public function encrypt(string $plaintext, string $password = ''): string {
 	 * @throws Exception If the decryption failed
 	 */
 	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if ($password === '') {
-			$password = $this->config->getSystemValue('secret');
-		}
+		$secret = $this->config->getSystemValue('secret');
 		try {
+			if ($password === '') {
+				return $this->decryptWithoutSecret($authenticatedCiphertext, $secret);
+			}
 			return $this->decryptWithoutSecret($authenticatedCiphertext, $password);
 		} catch (Exception $e) {
-			// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
-			return $this->decryptWithoutSecret($authenticatedCiphertext, '');
+			if ($password === '') {
+				// Retry with empty secret as a fallback for instances where the secret might not have been set by accident
+				return $this->decryptWithoutSecret($authenticatedCiphertext, '');
+			}
+
+			throw $e;
 		}
 	}