feat: Validate password hash

Signed-off-by: Christopher Ng <chrng8@gmail.com>
nextcloud · Jul 5, 2024 · a0662ad · a0662ad
1 parent 207c72c
commit a0662ad
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
@@ -8,6 +8,7 @@
  */
 namespace OC\User;
 
+use InvalidArgumentException;
 use OCP\AppFramework\Db\TTransactional;
 use OCP\Cache\CappedMemoryCache;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -199,6 +200,9 @@ public function getPasswordHash(string $userId): ?string {
 	}
 
 	public function setPasswordHash(string $userId, string $passwordHash): bool {
+		if (!\OC::$server->get(IHasher::class)->validate($passwordHash)) {
+			throw new InvalidArgumentException();
+		}
 		$this->fixDI();
 		$result = $this->updatePassword($userId, $passwordHash);
 		if (!$result) {