Remember me is not an app_password
authorRoeland Jago Douma <roeland@famdouma.nl>
Fri, 4 Dec 2020 11:40:28 +0000 (12:40 +0100)
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>
Fri, 4 Dec 2020 15:56:24 +0000 (15:56 +0000)
While technically they are stored the same way, this session variable is
used to indicate that a user is authenticating with an app password,
for example from a client, or when one was generated automatically.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
lib/private/User/Session.php

index 37d518b61231d0e14e50956606d65d86864a2079..06ae8f046b96c2e07a200bfdd695893840d3a1e1 100644 (file)
@@ -832,8 +832,18 @@ class Session implements IUserSession, Emitter {
                        return false;
                }
 
-               // Set the session variable so we know this is an app password
-               $this->session->set('app_password', $token);
+               try {
+                       $dbToken = $this->tokenProvider->getToken($token);
+               } catch (InvalidTokenException $e) {
+                       // Can't relaly happen but better save than sorry
+                       return true;
+               }
+
+               // Remember me tokens are not app_passwords
+               if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+                       // Set the session variable so we know this is an app password
+                       $this->session->set('app_password', $token);
+               }
 
                return true;
        }
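Review bot: The `catch (InvalidTokenException $e)` branch fails open: it returns `true` without setting `app_password`, so a token that cannot be looked up ends up as a logged-in session that is not marked as an app password. That is the less restricted of the two classifications, and the lookup could plausibly fail if the token is invalidated between the earlier checks and this `getToken()` call. Consider failing closed with `return false;` in the catch, or at least logging the exception so the "can't happen" case is visible when it does. The enclosing method starts before the hunk, so check what session state the earlier code has already set before changing the return value.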