From d250c4a5b9daed6caf1600d79d705a267b7f75a7 Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Wed, 4 Mar 2026 09:54:51 -0100
Subject: [PATCH] refactor(password-confirmation): better condition

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 .../Security/PasswordConfirmationMiddleware.php           | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index ce997d1701600..6ac27ee3aa53f 100644
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -56,10 +56,8 @@ public function beforeController(Controller $controller, string $methodName) {
 		$backendClassName = '';
 		if ($user !== null) {
 			$backend = $user->getBackend();
-			if ($backend instanceof IPasswordConfirmationBackend) {
-				if (!$backend->canConfirmPassword($user->getUID())) {
-					return;
-				}
+			if ($backend instanceof IPasswordConfirmationBackend && !$backend->canConfirmPassword($user->getUID())) {
+				return;
 			}
 
 			$backendClassName = $user->getBackendClassName();
@@ -74,7 +72,7 @@ public function beforeController(Controller $controller, string $methodName) {
 		}
 
 		$scope = $token->getScopeAsArray();
-		if (isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) && $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === true) {
+		if (($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] ?? false) === true) {
 			// Users logging in from SSO backends cannot confirm their password by design
 			return;
 		}