diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2019-12-09 18:02:22 +0300 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2019-12-09 18:03:00 +0300 |
| commit | fd26103b47b7f188037ec6117b90566de561d11d (patch) | |
| tree | 53b2bfe14e2415b0130884379f2bed2f3a2229ee /lib/Service | |
| parent | 88ba5d8f5f623ea15325a1594b84c2d0e5339d74 (diff) | |
Fix empty password for provisioned account
Passwords can't just be `null` but also an empty string. The code did
not handle that properly. Now checking against `emtpy` so both `null`
and `''` trigger shortcut evaluation and prevent decrypring of an
invalid value.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/Service')
| -rw-r--r-- | lib/Service/Provisioning/Manager.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/Service/Provisioning/Manager.php b/lib/Service/Provisioning/Manager.php index 60fafc332..57780a9a9 100644 --- a/lib/Service/Provisioning/Manager.php +++ b/lib/Service/Provisioning/Manager.php @@ -162,9 +162,9 @@ class Manager { try { $account = $this->mailAccountMapper->findProvisionedAccount($user); - if ($account->getInboundPassword() !== null + if (!empty($account->getInboundPassword()) && $this->crypto->decrypt($account->getInboundPassword()) === $password - && $account->getOutboundPassword() !== null + && !empty($account->getOutboundPassword()) && $this->crypto->decrypt($account->getOutboundPassword()) === $password) { $this->logger->debug('Password of provisioned account is up to date'); return; |