From 80973cd60b47eb241382ecec0fc1777921c96100 Mon Sep 17 00:00:00 2001 From: Lionel Elie Mamane Date: Sun, 7 Jun 2020 14:15:10 +0200 Subject: [PATCH] Return correct loginname in credentials, even when token is invalid or has no password. Returning the uid as loginname is wrong, and leads to problems when these differ. E.g. the getapppassword API was creating app token with the uid as loginname. In a scenario with external authentication (such as LDAP), these tokens were then invalidated next time their underlying password was checked, and systematically ceased to function. Signed-off-by: Lionel Elie Mamane --- lib/private/Authentication/LoginCredentials/Store.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php index a16b291f5f5..5ce78ce158d 100644 --- a/lib/private/Authentication/LoginCredentials/Store.php +++ b/lib/private/Authentication/LoginCredentials/Store.php @@ -112,7 +112,7 @@ class Store implements IStore { if ($trySession && $this->session->exists('login_credentials')) { $creds = json_decode($this->session->get('login_credentials')); - return new Credentials($creds->uid, $creds->uid, $creds->password); + return new Credentials($creds->uid, $this->session->get('loginname'), $creds->password); } // If we reach this line, an exception was thrown. -- 2.39.5