Don't save credentials of another user

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2020-12-17 11:46:57 +0100
committer: Joas Schilling <coding@schilljs.com> 2021-01-20 08:46:07 +0100
commit: 76367c5c38c59404a6a99ff4b5b489fa4c39373d (patch)
tree: 084c9da8d7c9e768296cdf4b75e966c5a1c87d1d /apps/files_external
parent: e22ce096442968b2cc3abb1ee730dfa7465d4438 (diff)
download: nextcloud-server-76367c5c38c59404a6a99ff4b5b489fa4c39373d.tar.gz
nextcloud-server-76367c5c38c59404a6a99ff4b5b489fa4c39373d.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
index 6bf6b61f164..b8279f5ca61 100644
--- a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
+++ b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
@@ -79,6 +79,11 @@ class LoginCredentials extends AuthMechanism {
 			try {
 				$sessionCredentials = $this->credentialsStore->getLoginCredentials();
 
+				if ($sessionCredentials->getUID() !== $user->getUID()) {
+					// Can't take the credentials from the session as they are not the same user
+					throw new CredentialsUnavailableException();
+				}
+
 				$credentials = [
 					'user' => $sessionCredentials->getLoginName(),
 					'password' => $sessionCredentials->getPassword()
author	Joas Schilling <coding@schilljs.com>	2020-12-17 11:46:57 +0100
committer	Joas Schilling <coding@schilljs.com>	2021-01-20 08:46:07 +0100
commit	76367c5c38c59404a6a99ff4b5b489fa4c39373d (patch)
tree	084c9da8d7c9e768296cdf4b75e966c5a1c87d1d /apps/files_external
parent	e22ce096442968b2cc3abb1ee730dfa7465d4438 (diff)
download	nextcloud-server-76367c5c38c59404a6a99ff4b5b489fa4c39373d.tar.gz nextcloud-server-76367c5c38c59404a6a99ff4b5b489fa4c39373d.zip