Merge pull request #29161 from nextcloud/backport/29122/stable21

MichaIng · web-flow · commit da5063bf897d · 2021-10-11T14:36:15.000+02:00
[stable21] Tokens without password should not trigger changed password invalidation
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -225,7 +225,7 @@ public function renewSessionToken(string $oldSessionId, string $sessionId): ITok
 	 */
 	public function getPassword(IToken $savedToken, string $tokenId): string {
 		$password = $savedToken->getPassword();
-		if (is_null($password)) {
+		if ($password === null || $password === '') {
 			throw new PasswordlessTokenException();
 		}
 		return $this->decryptPassword($password, $tokenId);

Original file line number	Diff line number	Diff line change
`@@ -225,7 +225,7 @@ public function renewSessionToken(string $oldSessionId, string $sessionId): ITok`
`225`	`225`	`*/`
`226`	`226`	`public function getPassword(IToken $savedToken, string $tokenId): string {`
`227`	`227`	`$password = $savedToken->getPassword();`
`228`		`- if (is_null($password)) {`
	`228`	`+ if ($password === null \|\| $password === '') {`
`229`	`229`	`throw new PasswordlessTokenException();`
`230`	`230`	`}`
`231`	`231`	`return $this->decryptPassword($password, $tokenId);`