diff --git a/src/Model/User.php b/src/Model/User.php index d66c73d7eb..2621897f4e 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -128,12 +128,22 @@ class User $user = self::getAuthenticationInfo($user_info); if (strpos($user['password'], '$') === false) { + //Legacy hash that has not been replaced by a new hash yet if (self::hashPasswordLegacy($password) === $user['password']) { self::updatePassword($user['uid'], $password); + return $user['uid']; + } + } elseif (!empty($user['legacy_password'])) { + //Legacy hash that has been double-hashed and not replaced by a new hash yet + //Warning: `legacy_password` is not necessary in sync with the content of `password` + if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { + self::updatePassword($user['uid'], $password); + return $user['uid']; } } elseif (password_verify($password, $user['password'])) { + //New password hash if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { self::updatePassword($user['uid'], $password); }