From 961f737f3610c79c3db565a4fc62db59853d19b3 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Tue, 1 Jan 2019 01:06:28 -0500 Subject: [PATCH] Use User::updatePasswordHashed directly when re-hashing a password --- src/Model/User.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Model/User.php b/src/Model/User.php index c71ae475e..f24a0a298 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -192,7 +192,7 @@ class User if (strpos($user['password'], '$') === false) { //Legacy hash that has not been replaced by a new hash yet if (self::hashPasswordLegacy($password) === $user['password']) { - self::updatePassword($user['uid'], $password); + self::updatePasswordHashed($user['uid'], self::hashPassword($password)); return $user['uid']; } @@ -200,14 +200,14 @@ class User //Legacy hash that has been double-hashed and not replaced by a new hash yet //Warning: `legacy_password` is not necessary in sync with the content of `password` if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { - self::updatePassword($user['uid'], $password); + self::updatePasswordHashed($user['uid'], self::hashPassword($password)); return $user['uid']; } } elseif (password_verify($password, $user['password'])) { //New password hash if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { - self::updatePassword($user['uid'], $password); + self::updatePasswordHashed($user['uid'], self::hashPassword($password)); } return $user['uid'];