Validate the password before generating an apptoken

author Joas Schilling <coding@schilljs.com>

Thu, 10 Mar 2022 14:28:01 +0000 (15:28 +0100)

committer Joas Schilling <coding@schilljs.com>

Thu, 10 Mar 2022 14:52:01 +0000 (15:52 +0100)
author Joas Schilling <coding@schilljs.com>
Thu, 10 Mar 2022 14:28:01 +0000 (15:28 +0100)
committer Joas Schilling <coding@schilljs.com>
Thu, 10 Mar 2022 14:52:01 +0000 (15:52 +0100)
diff --git a/core/Command/User/AddAppPassword.php b/core/Command/User/AddAppPassword.php

index 34c8dc67ccc3337d14b184964d2974d2fbb3339b..4f636c406fbaa6f8c1c14a42ad337b3d32b43f12 100644 (file)
--- a/core/Command/User/AddAppPassword.php
+++ b/core/Command/User/AddAppPassword.php
@@ -109,8 +109,10 @@ class AddAppPassword extends Command {
                         return 1;
                 }
  
-               $output->writeln('<info>The password is not validated so what you provide is what gets recorded in the token</info>');
-
+               if (!$this->userManager->checkPassword($user->getUID(), $password)) {
+                       $output->writeln('<error>The provided password is invalid</error>');
+                       return 1;
+               }
  
                 $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
                 $generatedToken = $this->tokenProvider->generateToken(
author	Joas Schilling <coding@schilljs.com>
	Thu, 10 Mar 2022 14:28:01 +0000 (15:28 +0100)
committer	Joas Schilling <coding@schilljs.com>
	Thu, 10 Mar 2022 14:52:01 +0000 (15:52 +0100)