Bearer tokens are app token

Fixes #12498

This means that we set that it is a proper app token once it is
validated. This will allow the 2FA middleware to just run the same
check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 2c2244f06f727316f5930dabe1f9c6075a670b4b..54003dee00b111673ce769f0cf2a1196a32df088 100644 (file)
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -776,6 +776,10 @@ class Session implements IUserSession, Emitter {
                if(!$this->validateToken($token)) {
                        return false;
                }
+
+               // Set the session variable so we know this is an app password
+               $this->session->set('app_password', $token);
+
                return true;
        }