D5802.1774831772.diff
No OneTemporary
Actions

Authored By

Unknown

Size

992 B

Referenced Files

None

Subscribers

None

D5802.1774831772.diff
View Options

	diff --git a/src/app/User.php b/src/app/User.php
	--- a/src/app/User.php
	+++ b/src/app/User.php
	@@ -849,7 +849,7 @@
	}

	// Note: We intentionally check if password is expired when we know it's valid
	- if ($authenticated === true && !$allow_expired && $this->getSetting('password_expired')) {
	+ if ($authenticated === true && !$allow_expired && $this->role != self::ROLE_SERVICE && $this->getSetting('password_expired')) {
	$authenticated = AuthAttempt::REASON_PASSWORD_EXPIRED;
	}

	@@ -915,6 +915,10 @@
	$error = AuthAttempt::REASON_PASSWORD;
	}
	} else {
	+ if ($user->role == self::ROLE_SERVICE) {
	+ $withChecks = false;
	+ }
	+
	if (!$withChecks) {
	$cacheId = hash('sha256', "{$user->id}-{$password}");
	// Skip the slow password verification for cases where we also don't verify mfa.