mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remember me is not an app_password 

While technically they are stored the same. This session variable is
used to indicate that a user is using an app password to authenticate.
Like from a client. Or when having it generated automatically.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2020-12-04 12:40:28 +01:00 committed by backportbot[bot]
parent 8a93263b86
commit a5951d0d79
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/private/User/Session.php
View File

@ -825,8 +825,18 @@ class Session implements IUserSession, Emitter {
return false; return false;
} }
// Set the session variable so we know this is an app password try {
$this->session->set('app_password', $token); $dbToken = $this->tokenProvider->getToken($token);
} catch (InvalidTokenException $e) {
// Can't relaly happen but better save than sorry
return true;
}
// Remember me tokens are not app_passwords
if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
// Set the session variable so we know this is an app password
$this->session->set('app_password', $token);
}
return true; return true;
} }