From 5343353bb54f8cfdd63eb9bb334bbaf668948ea6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 25 Apr 2026 16:35:22 +0000
Subject: [PATCH] feat: clear manually-entered deSEC password after successful
 login

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/902f3119-a4ee-4fa5-8865-510513cc4046

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
---
 php/src/Desec/DesecManager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/php/src/Desec/DesecManager.php b/php/src/Desec/DesecManager.php
index c692c6ce..13f7a08b 100644
--- a/php/src/Desec/DesecManager.php
+++ b/php/src/Desec/DesecManager.php
@@ -54,8 +54,9 @@ class DesecManager {
 
             if ($validatedPassword !== '') {
                 // The user supplied their existing deSEC password — log in instead of registering.
+                // Store an empty password: the token is all we need; the user's password must not be persisted.
                 $token = $this->loginAccount($validatedEmail, $validatedPassword);
-                $this->saveAccountCredentials($token, $validatedPassword, $validatedEmail);
+                $this->saveAccountCredentials($token, '', $validatedEmail);
             } else {
                 // 24 random bytes → 48-char hex password; satisfies deSEC's minimum length
                 // and lets the user log in at desec.io if they ever need to.