Fix update password rehash
authorAlexandre Alapetite <alexandre@alapetite.fr>
Sun, 8 Apr 2018 10:28:04 +0000 (12:28 +0200)
committerAlexandre Alapetite <alexandre@alapetite.fr>
Sun, 8 Apr 2018 10:40:35 +0000 (12:40 +0200)
Fixes https://github.com/friendica/friendica/issues/4743
The logic for updating password was wrong:
https://github.com/friendica/friendica/commit/b0a764b14c2f2798f7eb223e58d47530f80609c1#diff-1466bb1a0a37fe9f7cf52eda8f3b431aR150

src/Model/User.php

index 4ae43c3e11839ae45cf1505b26f569010f1db076..abf4d1d3e4d2ce8d486fee3d0d2586d83ce62c7a 100644 (file)
@@ -127,18 +127,18 @@ class User
        {
                $user = self::getAuthenticationInfo($user_info);
 
-               if ($user['legacy_password']) {
-                       if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
-                               self::updatePassword($user['uid'], $password);
-
-                               return $user['uid'];
-                       }
-               } elseif (password_verify($password, $user['password'])) {
+               if (password_verify($password, $user['password'])) {
                        if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
                                self::updatePassword($user['uid'], $password);
                        }
 
                        return $user['uid'];
+               } elseif (!empty($user['legacy_password']) || strpos($user['password'], '$') === false) {
+                       if (self::hashPasswordLegacy($password) === $user['password']) {
+                               self::updatePassword($user['uid'], $password);
+
+                               return $user['uid'];
+                       }
                }
 
                throw new Exception(L10n::t('Login failed'));
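Review bot: The new `elseif` fallback compares only the bare legacy hash with the stored value, so a row that still holds `password_hash()` of the legacy hash (the form the removed `password_verify(self::hashPasswordLegacy($password), $user['password'])` branch accepted) now fails both checks and the login is rejected; whether such rows exist depends on the earlier migration, which is not visible here. The same fallback compares a stored credential hash with `===`, which is not a constant-time comparison. Both can be handled in the inner condition, assuming `hashPasswordLegacy()` returns a string: `if (hash_equals((string) $user['password'], self::hashPasswordLegacy($password)) || password_verify(self::hashPasswordLegacy($password), $user['password'])) {`. A comment above the `elseif` naming the accepted stored formats would also help, for example `// legacy hash, stored bare or wrapped in password_hash(); replaced on successful login`. The enclosing method starts above the hunk, so its signature and the shape of `$user` are not visible here.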