From 2377fdd8a962775792133d84e07f71efe2c06b8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?=
Date: Thu, 7 Oct 2021 19:30:05 +0200
Subject: [PATCH] Tokens without password should not trigger changed password invalidation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl
---
 lib/private/Authentication/Token/DefaultTokenProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index ee8a28d3cb07f..5e5cf73af9555 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -225,7 +225,7 @@ public function renewSessionToken(string $oldSessionId, string $sessionId): ITok
 */
 public function getPassword(IToken $savedToken, string $tokenId): string {
 $password = $savedToken->getPassword();
- if (is_null($password)) {
+ if ($password === null || $password === '') {
 throw new PasswordlessTokenException();
 }
 return $this->decryptPassword($password, $tokenId);
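Review bot: The new guard in getPassword() sends a stored empty string down the same PasswordlessTokenException path as null, but nothing in the hunk says where an empty password comes from, and the diffstat shows only this file changed, so no test pins the behaviour. Going by the commit title, passwordless tokens are exempt from changed-password invalidation, so it is worth confirming that `''` is only ever stored by flows that genuinely have no password, rather than by a failed or partial write. Once that is confirmed, I would add a comment above the check, for example `// passwordless tokens may carry '' instead of null; neither can be decrypted`, and a unit test that sets the token password to `''` and expects PasswordlessTokenException. If any other token provider still uses the old `is_null($password)` check in its getPassword(), it probably needs the same condition. The closing brace of getPassword() lies outside the hunk.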