Merge pull request #11580 from nextcloud/backport/11568/stable14

rullzer · web-flow · commit 6734e434bcc6 · 2018-10-03T13:35:51.000+02:00
[stable14] Just update password hash without validating
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
@@ -176,6 +176,16 @@ public function deleteUser($uid) {
 		return $result ? true : false;
 	}
 
+	private function updatePassword(string $uid, string $passwordHash): bool {
+		$query = $this->dbConn->getQueryBuilder();
+		$query->update($this->table)
+			->set('password', $query->createNamedParameter($passwordHash))
+			->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));
+		$result = $query->execute();
+
+		return $result ? true : false;
+	}
+
 	/**
 	 * Set password
 	 *
@@ -195,13 +205,7 @@ public function setPassword(string $uid, string $password): bool {
 			$hasher = \OC::$server->getHasher();
 			$hashedPassword = $hasher->hash($password);
 
-			$query = $this->dbConn->getQueryBuilder();
-			$query->update($this->table)
-				->set('password', $query->createNamedParameter($hashedPassword))
-				->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));
-			$result = $query->execute();
-
-			return $result ? true : false;
+			return $this->updatePassword($uid, $hashedPassword);
 		}
 
 		return false;
@@ -314,7 +318,7 @@ public function checkPassword(string $uid, string $password) {
 			$newHash = '';
 			if (\OC::$server->getHasher()->verify($password, $storedHash, $newHash)) {
 				if (!empty($newHash)) {
-					$this->setPassword($uid, $password);
+					$this->updatePassword($uid, $newHash);
 				}
 				return (string)$row['uid'];
 			}
