Return correct loginname in credentials,

even when token is invalid or has no password.

Returning the uid as loginname is wrong, and leads to problems when
these differ. E.g. the getapppassword API was creating app token with
the uid as loginname. In a scenario with external authentication (such
as LDAP), these tokens were then invalidated next time their underlying
password was checked, and systematically ceased to function.

Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>

diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index a16b291f5f51a269162d7100e89d2a185f9fed88..5ce78ce158dc98977770ddeb1a0d54c6dac4f530 100644 (file)
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -112,7 +112,7 @@ class Store implements IStore {
 
                if ($trySession && $this->session->exists('login_credentials')) {
                        $creds = json_decode($this->session->get('login_credentials'));
-                       return new Credentials($creds->uid, $creds->uid, $creds->password);
+                       return new Credentials($creds->uid, $this->session->get('loginname'), $creds->password);
                }
 
                // If we reach this line, an exception was thrown.