Just update password hash without validating #11568
lib/private/User/Database.php
Outdated
@@ -314,7 +314,11 @@ public function checkPassword(string $uid, string $password) { | |||
$newHash = ''; | |||
if (\OC::$server->getHasher()->verify($password, $storedHash, $newHash)) { | |||
if (!empty($newHash)) { | |||
$this->setPassword($uid, $password); | |||
$qb = $this->dbConn->getQueryBuilder() |
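Review bot: The inline update that starts at `$qb = $this->dbConn->getQueryBuilder()` inside the `if (!empty($newHash))` branch should persist the `$newHash` that `verify()` already returned and be constrained to the `$uid` that was just checked; the rest of the statement is cut off here, so that is worth confirming. Because this path no longer goes through `setPassword($uid, $password)`, a short comment stating that it is a rehash of an already verified password and deliberately skips the set-password flow would help later readers. It would also be good to make sure that a failed write here cannot turn a successful `verify()` into a failed login.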
Could we add a bool $silent param instead? I'm not a big fan of this duplication.
fair enough. Extracted the logic to a function
Better 👍 😄
e107585 to 0c9a3de
Fixes #11097
If your password hash changed (because you are on 7.2 and we moved to
ARGON2), then we should not 'set a new password' but just update the
hash. As else we invoke the password policy again which might lock out
users.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
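The behaviour the description argues for, as an added example (not code from this pull request or from Nextcloud): a legacy hash is refreshed at login without re-running the password policy. `DemoBackend`, its 12-character policy, the in-memory store and the sample account are assumptions, and it uses PHP's built-in `password_*` functions with `PASSWORD_DEFAULT` rather than the project's hasher.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory user backend for illustration; not Nextcloud's Database.php.
final class DemoBackend {
    /** @var array<string,string> uid => stored password hash */
    private array $hashes = [];
    public int $policyChecks = 0;

    // Constructed policy: at least 12 characters.
    private function enforcePolicy(string $password): void {
        $this->policyChecks++;
        if (strlen($password) < 12) {
            throw new InvalidArgumentException('password violates policy');
        }
    }

    // User-initiated password change: the policy applies.
    public function setPassword(string $uid, string $password): void {
        $this->enforcePolicy($password);
        $this->hashes[$uid] = password_hash($password, PASSWORD_DEFAULT);
    }

    // Seed an account whose hash predates the current parameters and policy.
    public function seedLegacy(string $uid, string $password): void {
        $this->hashes[$uid] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);
    }

    // Login: verify first, then refresh only the stored hash if it is outdated.
    public function checkPassword(string $uid, string $password): bool {
        $stored = $this->hashes[$uid] ?? null;
        if ($stored === null || !password_verify($password, $stored)) {
            return false;
        }
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            // Same secret, new encoding: no policy check and no setPassword().
            $this->hashes[$uid] = password_hash($password, PASSWORD_DEFAULT);
        }
        return true;
    }

    public function storedHash(string $uid): string {
        return $this->hashes[$uid];
    }
}

$backend = new DemoBackend();
$backend->seedLegacy('alice', 'short'); // constructed account; password fails the policy
var_dump($backend->checkPassword('alice', 'short'));   // login result
var_dump($backend->policyChecks);                       // policy invocations during login
var_dump(password_needs_rehash($backend->storedHash('alice'), PASSWORD_DEFAULT));
```

Routing the rehash through `setPassword()` instead would throw for this account, which is the lock-out the description refers to.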