feat: Validate password hash

Signed-off-by: Christopher Ng <chrng8@gmail.com>
nextcloud · Jul 8, 2024 · c390ae9 · c390ae9
1 parent dba0056
commit c390ae9
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
@@ -8,6 +8,7 @@
  */
 namespace OC\User;
 
+use InvalidArgumentException;
 use OCP\AppFramework\Db\TTransactional;
 use OCP\Cache\CappedMemoryCache;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -200,6 +201,9 @@ public function getPasswordHash(string $userId): ?string {
 	}
 
 	public function setPasswordHash(string $userId, string $passwordHash): bool {
+		if (!\OCP\Server::get(IHasher::class)->validate($passwordHash)) {
+			throw new InvalidArgumentException();
+		}
 		$this->fixDI();
 		$result = $this->updatePassword($userId, $passwordHash);
 		if (!$result) {