Add additional check if password hash is empty in auth process

progreg · progreg · commit ed6649194f08 · 2018-11-05T14:34:03.000+02:00
diff --git a/app/code/Magento/Customer/Model/Authentication.php b/app/code/Magento/Customer/Model/Authentication.php
@@ -167,7 +167,7 @@ public function authenticate($customerId, $password)
     {
         $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
         $hash = $customerSecure->getPasswordHash();
-        if (!$this->encryptor->validateHash($password, $hash)) {
+        if (!$hash || !$this->encryptor->validateHash($password, $hash)) {
             $this->processAuthenticationFailure($customerId);
             if ($this->isLocked($customerId)) {
                 throw new UserLockedException(__('The account is locked.'));

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ public function authenticate($customerId, $password)`
`167`	`167`	`{`
`168`	`168`	`$customerSecure = $this->customerRegistry->retrieveSecureData($customerId);`
`169`	`169`	`$hash = $customerSecure->getPasswordHash();`
`170`		`- if (!$this->encryptor->validateHash($password, $hash)) {`
	`170`	`+ if (!$hash \|\| !$this->encryptor->validateHash($password, $hash)) {`
`171`	`171`	`$this->processAuthenticationFailure($customerId);`
`172`	`172`	`if ($this->isLocked($customerId)) {`
`173`	`173`	`throw new UserLockedException(__('The account is locked.'));`