mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Don't save credentials of another user 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-12-17 11:46:57 +01:00
parent 37f3195c6b
commit 8e3e1f9a32
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
View File

@ -79,6 +79,11 @@ class LoginCredentials extends AuthMechanism {
try { try {
$sessionCredentials = $this->credentialsStore->getLoginCredentials(); $sessionCredentials = $this->credentialsStore->getLoginCredentials();
if ($sessionCredentials->getUID() !== $user->getUID()) {
// Can't take the credentials from the session as they are not the same user
throw new CredentialsUnavailableException();
}
$credentials = [ $credentials = [
'user' => $sessionCredentials->getLoginName(), 'user' => $sessionCredentials->getLoginName(),
'password' => $sessionCredentials->getPassword() 'password' => $sessionCredentials->getPassword()