From be8e80a686b9c0a31dc1e007fb1cd6b071ed6f0d Mon Sep 17 00:00:00 2001
From: Carl Schwan <carlschwan@kde.org>
Date: Mon, 1 Jun 2026 14:00:44 +0200
Subject: [PATCH] fix: Make the IProvideUserSecretBackend usable

When implementing this for user_saml, I noticed that we do need to make
the return value nullable as otherwise there are no way for this feature
to be optional for the admin.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
---
 .../Authentication/IProvideUserSecretBackend.php     | 12 ++++++++++--
 lib/public/User/Backend/ICheckPasswordBackend.php    |  7 +++++--
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/lib/public/Authentication/IProvideUserSecretBackend.php b/lib/public/Authentication/IProvideUserSecretBackend.php
index dfab35c5f48dc..04873f710bf47 100644
--- a/lib/public/Authentication/IProvideUserSecretBackend.php
+++ b/lib/public/Authentication/IProvideUserSecretBackend.php
@@ -9,6 +9,8 @@
 
 namespace OCP\Authentication;
 
+use OCP\HintException;
+
 /**
  * Interface IProvideUserSecretBackend
  *
@@ -18,8 +20,14 @@ interface IProvideUserSecretBackend {
 	/**
 	 * Optionally returns a stable per-user secret. This secret is for
 	 * instance used to secure file encryption keys.
-	 * @return string
+	 *
+	 * @return non-empty-string|null Returns the per-user secret if the backend
+	 *                               is configured or null otherwise.
+	 * @throws HintException when the backend is configured to return a per-user
+	 *                       secret but is unable to do so.
+	 *
 	 * @since 23.0.0
+	 * @since 35.0.0 The returns value is now optional.
 	 */
-	public function getCurrentUserSecret(): string;
+	public function getCurrentUserSecret(): ?string;
 }
diff --git a/lib/public/User/Backend/ICheckPasswordBackend.php b/lib/public/User/Backend/ICheckPasswordBackend.php
index db5d7d08cb57b..b104212f71497 100644
--- a/lib/public/User/Backend/ICheckPasswordBackend.php
+++ b/lib/public/User/Backend/ICheckPasswordBackend.php
@@ -13,11 +13,14 @@
  */
 interface ICheckPasswordBackend {
 	/**
-	 * @since 14.0.0
+	 * Check if the password is correct without logging in the user
+	 * returns the user id or false.
 	 *
-	 * @param string $loginName The loginname
+	 * @param string $loginName The login name
 	 * @param string $password The password
 	 * @return string|false The uid on success false on failure
+	 * @since 14.0.0
+	 *
 	 */
 	public function checkPassword(string $loginName, string $password);
 }