diff options
| author | Robin Appelman <robin@icewind.nl> | 2023-05-11 17:45:16 +0200 |
|---|---|---|
| committer | Robin Appelman <robin@icewind.nl> | 2023-05-11 17:47:56 +0200 |
| commit | 2466724b018f07753cb694e313149b09a2afa643 (patch) | |
| tree | bbbbbeaa8d33a723b5878c99f7d43578a81c8470 /apps/files_external/lib/Lib/Auth | |
| parent | db026840082432f8b851171a8f0e8374de818ee1 (diff) | |
| download | nextcloud-server-2466724b018f07753cb694e313149b09a2afa643.tar.gz nextcloud-server-2466724b018f07753cb694e313149b09a2afa643.zip | |
check the username when doing external storage session auth
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'apps/files_external/lib/Lib/Auth')
| -rw-r--r-- | apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php b/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php index dbe5a2fdc20..228366db204 100644 --- a/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php +++ b/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php @@ -30,6 +30,7 @@ use OCA\Files_External\Lib\StorageConfig; use OCP\Authentication\Exceptions\CredentialsUnavailableException; use OCP\Authentication\LoginCredentials\IStore as CredentialsStore; use OCP\Files\Storage; +use OCP\Files\StorageAuthException; use OCP\IL10N; use OCP\IUser; @@ -57,6 +58,10 @@ class SessionCredentials extends AuthMechanism { throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved'); } + if ($credentials->getUID() !== $user->getUID()) { + throw new StorageAuthException('Session credentials for storage owner not available'); + } + $storage->setBackendOption('user', $credentials->getLoginName()); $storage->setBackendOption('password', $credentials->getPassword()); } |