Fix update password rehash

Fixes https://github.com/friendica/friendica/issues/4743
The logic for updating password was wrong:
b0a764b14c (diff-1466bb1a0a37fe9f7cf52eda8f3b431aR150)
This commit is contained in:
Alexandre Alapetite 2018-04-08 12:28:04 +02:00
parent 232d1009e5
commit 129f6806f6

View file

@ -127,18 +127,18 @@ class User
{ {
$user = self::getAuthenticationInfo($user_info); $user = self::getAuthenticationInfo($user_info);
if ($user['legacy_password']) { if (password_verify($password, $user['password'])) {
if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
self::updatePassword($user['uid'], $password);
return $user['uid'];
}
} elseif (password_verify($password, $user['password'])) {
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
self::updatePassword($user['uid'], $password); self::updatePassword($user['uid'], $password);
} }
return $user['uid']; return $user['uid'];
} elseif (!empty($user['legacy_password']) || strpos($user['password'], '$') === false) {
if (self::hashPasswordLegacy($password) === $user['password']) {
self::updatePassword($user['uid'], $password);
return $user['uid'];
}
} }
throw new Exception(L10n::t('Login failed')); throw new Exception(L10n::t('Login failed'));