Merge pull request #24748 from owncloud/login-explicitly

Log in explicitly, save login name when generating browser/device tokens

1 files changed, 9 insertions, 11 deletions

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index ddd86a56abb..749f395e280 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -219,7 +219,7 @@ class Session implements IUserSession, Emitter {
 				return;
 			}
 
-			if ($this->manager->checkPassword($user->getUID(), $pwd) === false
+			if ($this->manager->checkPassword($token->getLoginName(), $pwd) === false
 				|| !$user->isEnabled()) {
 				// Password has changed or user was disabled -> log user out
 				$this->logout();
@@ -388,25 +388,23 @@ class Session implements IUserSession, Emitter {
 	 *
 	 * @param IRequest $request
 	 * @param string $uid user UID
+	 * @param string $loginName login name
 	 * @param string $password
 	 * @return boolean
 	 */
-	public function createSessionToken(IRequest $request, $uid, $password) {
+	public function createSessionToken(IRequest $request, $uid, $loginName, $password) {
 		if (is_null($this->manager->get($uid))) {
 			// User does not exist
 			return false;
 		}
 		$name = isset($request->server['HTTP_USER_AGENT']) ? $request->server['HTTP_USER_AGENT'] : 'unknown browser';
-		$loggedIn = $this->login($uid, $password);
-		if ($loggedIn) {
-			try {
-				$sessionId = $this->session->getId();
-				$this->tokenProvider->generateToken($sessionId, $uid, $password, $name);
-			} catch (SessionNotAvailableException $ex) {
-				
-			}
+		try {
+			$sessionId = $this->session->getId();
+			$this->tokenProvider->generateToken($sessionId, $uid, $loginName, $password, $name);
+		} catch (SessionNotAvailableException $ex) {
+
 		}
-		return $loggedIn;
+		return true;
 	}
 
 	/**