summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2022-03-10 15:28:01 +0100
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>2022-03-11 11:19:19 +0000
commit579f07ee2a525eab161da10280ab0cc26f85df64 (patch)
treea1425ebfc3a096dce47b483bf806a0fd0cbd87e2
parenta96cb00505dc927a3d789c3fc283737eeb4e3014 (diff)
downloadnextcloud-server-579f07ee2a525eab161da10280ab0cc26f85df64.tar.gz
nextcloud-server-579f07ee2a525eab161da10280ab0cc26f85df64.zip
Validate the password before generating an apptoken
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat
-rw-r--r--core/Command/User/AddAppPassword.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/core/Command/User/AddAppPassword.php b/core/Command/User/AddAppPassword.php
index 34c8dc67ccc..4f636c406fb 100644
--- a/core/Command/User/AddAppPassword.php
+++ b/core/Command/User/AddAppPassword.php
@@ -109,8 +109,10 @@ class AddAppPassword extends Command {
return 1;
}
- $output->writeln('<info>The password is not validated so what you provide is what gets recorded in the token</info>');
-
+ if (!$this->userManager->checkPassword($user->getUID(), $password)) {
+ $output->writeln('<error>The provided password is invalid</error>');
+ return 1;
+ }
$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$generatedToken = $this->tokenProvider->generateToken(
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-07 16:03:59 +0000