Stop adding passwords to passwordless authtokens during `updatePasswo…

…rds()` Fixes #30894 (at least, it is supposed to). Signed-off-by: Matt Marjanovic <[email protected]>
nextcloud · Jan 28, 2022 · 1758dc3 · 1758dc3
1 parent 4d98612
commit 1758dc3
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -396,6 +396,10 @@ public function updatePasswords(string $uid, string $password) {
 		// Update the password for all tokens
 		$tokens = $this->mapper->getTokenByUser($uid);
 		foreach ($tokens as $t) {
+			// But, do not add a password to passwordless tokens.
+			if (is_null($t->getPassword())) {
+				continue;
+			}
 			$publicKey = $t->getPublicKey();
 			$t->setPassword($this->encryptPassword($password, $publicKey));
 			$t->setPasswordInvalid(false);