author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-12-04 12:40:28 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-12-04 12:40:28 +0100 |
commit | 48b4b83b5ad1eb58c3e3bf850575f4d9c7b6a69a (patch) | |
tree | bdf47510aa070499b817cfce92a9e67003c76623 | |
parent | 64bc7c79e8e2f60b80eb56c821a2c2d62d123e43 (diff) | |
Remember me is not an app_password
While technically they are stored the same way, this session variable is
used to indicate that a user is authenticating with an app password, for
example from a client or when one has been generated automatically.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r-- | lib/private/User/Session.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 37d518b6123..06ae8f046b9 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -832,8 +832,18 @@ class Session implements IUserSession, Emitter {
 return false;
 }
 
- // Set the session variable so we know this is an app password
- $this->session->set('app_password', $token);
+ try {
+ $dbToken = $this->tokenProvider->getToken($token);
+ } catch (InvalidTokenException $e) {
+ // Can't relaly happen but better save than sorry
+ return true;
+ }
+
+ // Remember me tokens are not app_passwords
+ if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+ // Set the session variable so we know this is an app password
+ $this->session->set('app_password', $token);
+ }
 
 return true;
 } |
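Review bot: The `catch (InvalidTokenException $e)` branch fails open: it returns `true`, so a token that can no longer be loaded at this point is still reported as a successful token login, just without the `app_password` marker, and nothing is logged. The earlier checks sit outside this hunk, so whether the token can be invalidated between them and this second `getToken()` call cannot be confirmed from here. If it can, `return false;` would be the safer default, provided the state set earlier in the method allows it; at minimum the exception should be logged so the "can't happen" case is visible. The comment in that branch has typos; `// Can't really happen, but better safe than sorry` reads correctly. The enclosing method starts before the hunk.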