summaryrefslogtreecommitdiffstats
path: root/lib/private/User
diff options
context:
space:
mode:
authorChristoph Wurst <christoph@owncloud.com>2016-06-13 15:38:34 +0200
committerChristoph Wurst <christoph@owncloud.com>2016-06-13 15:38:34 +0200
commit331d88bcabd4a66b0efc89fa28b90d26e88f4637 (patch)
tree99eb438db1c3da9a3a07defc78f5fe47f41b0919 /lib/private/User
parent3840466f9aadb0f925ecfd03fb716293bdb68c0e (diff)
downloadnextcloud-server-331d88bcabd4a66b0efc89fa28b90d26e88f4637.tar.gz
nextcloud-server-331d88bcabd4a66b0efc89fa28b90d26e88f4637.zip
create session token on all APIs
Diffstat (limited to 'lib/private/User')
-rw-r--r--lib/private/User/Session.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index f560bb4bfc0..0376e81b6dc 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -348,10 +348,11 @@ class Session implements IUserSession, Emitter {
*
* @param string $user
* @param string $password
+ * @param IRequest $request
* @throws LoginException
* @return boolean
*/
- public function logClientIn($user, $password) {
+ public function logClientIn($user, $password, IRequest $request) {
$isTokenPassword = $this->isTokenPassword($password);
if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
// TODO: throw LoginException instead (https://github.com/owncloud/core/pull/24616)
@@ -368,6 +369,9 @@ class Session implements IUserSession, Emitter {
}
return false;
}
+
+ $this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
+
return true;
}
@@ -428,7 +432,8 @@ class Session implements IUserSession, Emitter {
*/
public function tryBasicAuthLogin(IRequest $request) {
if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) {
- $result = $this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW']);
+ $request = \OC::$server->getRequest();
+ $result = $this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request);
if ($result === true) {
/**
* Add DAV authenticated. This should in an ideal world not be