From 481eb3e55ad59417522b7cf2e74d5b8eec21e529 Mon Sep 17 00:00:00 2001
From: Christopher Ng <chrng8@gmail.com>
Date: Thu, 27 Jun 2024 16:58:06 -0700
Subject: [PATCH] feat: Validate password hash

Signed-off-by: Christopher Ng <chrng8@gmail.com>
---
 lib/private/User/Database.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index 112c8000a3ec7..01384dcfcfc4a 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -8,6 +8,7 @@
  */
 namespace OC\User;
 
+use InvalidArgumentException;
 use OCP\AppFramework\Db\TTransactional;
 use OCP\Cache\CappedMemoryCache;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -199,6 +200,9 @@ public function getPasswordHash(string $userId): ?string {
 	}
 
 	public function setPasswordHash(string $userId, string $passwordHash): bool {
+		if (!\OC::$server->get(IHasher::class)->validate($passwordHash)) {
+			throw new InvalidArgumentException();
+		}
 		$this->fixDI();
 		$result = $this->updatePassword($userId, $passwordHash);
 		if (!$result) {