Remove phpass

See https://github.com/owncloud/core/pull/12226

1 files changed, 19 insertions, 9 deletions

diff --git a/lib/file.php b/lib/file.php
index c3f4b42f..74c8964e 100644
--- a/lib/file.php
+++ b/lib/file.php
@@ -105,16 +105,26 @@ class File {
 		}
 		
 		// Check Password
-		$forcePortable = (CRYPT_BLOWFISH != 1);
-		$hasher = new \PasswordHash(8, $forcePortable);
-		if (
-			$hasher->CheckPassword(
-				$password.\OC_Config::getValue('passwordsalt', ''),
-				$this->getPassword()
-			)
-		) {
-			// Save item id in session for future request
+		$newHash = '';
+		if(\OC::$server->getHasher()->verify($password, $this->getPassword(), $newHash)) {
 			\OC::$server->getSession()->set('public_link_authenticated', $shareId);
+
+			/**
+			 * FIXME: Migrate old hashes to new hash format
+			 * Due to the fact that there is no reasonable functionality to update the password
+			 * of an existing share no migration is yet performed there.
+			 * The only possibility is to update the existing share which will result in a new
+			 * share ID and is a major hack.
+			 *
+			 * In the future the migration should be performed once there is a proper method
+			 * to update the share's password. (for example `$share->updatePassword($password)`
+			 *
+			 * @link https://github.com/owncloud/core/issues/10671
+			 */
+			if(!empty($newHash)) {
+
+			}
+
 			return true;
 		}
 		return false;