Don't save credentials of another user

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-12-17 11:46:57 +01:00
parent e22ce09644
commit 76367c5c38
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
1 changed files with 5 additions and 0 deletions

View File

@ -79,6 +79,11 @@ class LoginCredentials extends AuthMechanism {
try {
$sessionCredentials = $this->credentialsStore->getLoginCredentials();
if ($sessionCredentials->getUID() !== $user->getUID()) {
// Can't take the credentials from the session as they are not the same user
throw new CredentialsUnavailableException();
}
$credentials = [
'user' => $sessionCredentials->getLoginName(),
'password' => $sessionCredentials->getPassword()