From 6417ea02655e6e16067ee1633aa3bb5ec09c5a2e Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 10 Feb 2023 09:18:50 +0100
Subject: [PATCH] fix(authentication): Handle null or empty string password
 hash

This can happen when the auth.storeCryptedPassword config is used,
which previously errored with:
Hasher::verify(): Argument #2 ($hash) must be of type string, null given

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Authentication/Token/PublicKeyTokenProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 8470806507054..38bbef8fb61db 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -113,7 +113,7 @@ public function generateToken(string $token,
 		// We need to check against one old token to see if there is a password
 		// hash that we can reuse for detecting outdated passwords
 		$randomOldToken = $this->mapper->getFirstTokenForUser($uid);
-		$oldTokenMatches = $randomOldToken && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
+		$oldTokenMatches = $randomOldToken && $randomOldToken->getPasswordHash() && $this->hasher->verify(sha1($password) . $password, $randomOldToken->getPasswordHash());
 
 		$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);