From 1758dc357de9eb5a079aa1389f8126e97628817d Mon Sep 17 00:00:00 2001
From: Matt Marjanovic <maddog@mir.com>
Date: Thu, 27 Jan 2022 22:21:20 -0800
Subject: [PATCH] Stop adding passwords to passwordless authtokens during
 `updatePasswords()`

Fixes #30894 (at least, it is supposed to).

Signed-off-by: Matt Marjanovic <maddog@mir.com>
---
 lib/private/Authentication/Token/PublicKeyTokenProvider.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 04781457a7a86..e9b4355e8fcaa 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -396,6 +396,10 @@ public function updatePasswords(string $uid, string $password) {
 		// Update the password for all tokens
 		$tokens = $this->mapper->getTokenByUser($uid);
 		foreach ($tokens as $t) {
+			// But, do not add a password to passwordless tokens.
+			if (is_null($t->getPassword())) {
+				continue;
+			}
 			$publicKey = $t->getPublicKey();
 			$t->setPassword($this->encryptPassword($password, $publicKey));
 			$t->setPasswordInvalid(false);