Update password confirmation middleware

If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index 7c1c4595e9a84ca6a981ad19c8ebf3d4d3820910..d752a68cf322a5cb89749ea7bb20d7d145b2c110 100644 (file)
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -29,6 +29,7 @@ use OCP\AppFramework\Middleware;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\ISession;
 use OCP\IUserSession;
+use OCP\User\Backend\IPasswordConfirmationBackend;
 
 class PasswordConfirmationMiddleware extends Middleware {
        /** @var ControllerMethodReflector */
@@ -70,6 +71,13 @@ class PasswordConfirmationMiddleware extends Middleware {
                        $user = $this->userSession->getUser();
                        $backendClassName = '';
                        if ($user !== null) {
+                               $backend = $user->getBackend();
+                               if ($backend instanceof IPasswordConfirmationBackend) {
+                                       if (!$backend->canConfirmPassword($user->getUID())) {
+                                               return;
+                                       }
+                               }
+
                                $backendClassName = $user->getBackendClassName();
                        }