Don't save credentials of another user
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
parent
e22ce09644
commit
76367c5c38
|
@ -79,6 +79,11 @@ class LoginCredentials extends AuthMechanism {
|
|||
try {
|
||||
$sessionCredentials = $this->credentialsStore->getLoginCredentials();
|
||||
|
||||
if ($sessionCredentials->getUID() !== $user->getUID()) {
|
||||
// Can't take the credentials from the session as they are not the same user
|
||||
throw new CredentialsUnavailableException();
|
||||
}
|
||||
|
||||
$credentials = [
|
||||
'user' => $sessionCredentials->getLoginName(),
|
||||
'password' => $sessionCredentials->getPassword()
|
||||
|
|
Loading…
Reference in New Issue