mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update password confirmation middleware 

If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-10-11 21:56:24 +02:00
parent 1fd640b40b
commit 603b672a11
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
View File

@ -29,6 +29,7 @@ use OCP\AppFramework\Middleware;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\ISession;
use OCP\IUserSession;
use OCP\User\Backend\IPasswordConfirmationBackend;
class PasswordConfirmationMiddleware extends Middleware {
/** @var ControllerMethodReflector */
@ -70,6 +71,13 @@ class PasswordConfirmationMiddleware extends Middleware {
$user = $this->userSession->getUser();
$backendClassName = '';
if ($user !== null) {
$backend = $user->getBackend();
if ($backend instanceof IPasswordConfirmationBackend) {
if (!$backend->canConfirmPassword($user->getUID())) {
return;
}
}
$backendClassName = $user->getBackendClassName();
}