Add warning for plaintext passwords, set default password mode to secure

Signed-off-by: Sebastian Sterk <sebastian@wiuwiu.de>
nextcloud · Aug 1, 2019 · 5dc9b1d · 5dc9b1d
1 parent 66747db
commit 5dc9b1d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -195,7 +195,7 @@ Add the following to your `config.php`:
                     2 => 'dbuser',
                     3 => 'dbuserpassword',
                     4 => 'xmppdomain',
-		    5 => true,
+                    5 => true,
                 ),
             ),
     ),
@@ -207,6 +207,9 @@ Add the following to your `config.php`:
 4 - XMPP Domain
 5 - Hashed Passwords in Database (true) / Plaintext Passwords in Database (false)
 
+**⚠⚠ Warning:** If you need to set *5 (Hashed Password in Database)* to false, your Prosody Instance is storing passwords in plaintext. This is insecure and not recommended. We highly recommend that you change your Prosody configuration to protect the passwords of your Prosody users. ⚠⚠
+
+
 Alternatives
 ------------
 Other extensions allow connecting to external user databases directly via SQL, which may be faster:

diff --git a/lib/xmpp.php b/lib/xmpp.php
@@ -22,7 +22,7 @@ class OC_User_XMPP extends \OCA\user_external\Base {
 	private $xmppDomain;
 	private $passwordHashed;
 
-	public function __construct($host, $xmppDb, $xmppDbUser, $xmppDbPassword, $xmppDomain, $passwordHashed) {
+	public function __construct($host, $xmppDb, $xmppDbUser, $xmppDbPassword, $xmppDomain, $passwordHashed = true) {
 		parent::__construct($host);
 		$this->host = $host;
 		$this->xmppDb = $xmppDb;