diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2022-03-23 14:12:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-23 14:12:20 +0100 |
| commit | c1215f573ae98fb3cf66f9ff5dc408574a7df560 (patch) | |
| tree | bf688953404dae6ca0488cca0391fb0491eddb65 /lib/private | |
| parent | 0fa17f8902e7391f189227b406a0058af6c4a4e0 (diff) | |
| parent | 343476f54f9d1fab088c3ef17827a49630f591c0 (diff) | |
| download | nextcloud-server-c1215f573ae98fb3cf66f9ff5dc408574a7df560.tar.gz nextcloud-server-c1215f573ae98fb3cf66f9ff5dc408574a7df560.zip | |
Merge pull request #31658 from nextcloud/bugfix/noid/limit-token-names
Limit the length of app password names
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/Authentication/Token/Manager.php | 4 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index 0a7a821e23e..ae0874733f8 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -61,6 +61,10 @@ class Manager implements IProvider { string $name, int $type = IToken::TEMPORARY_TOKEN, int $remember = IToken::DO_NOT_REMEMBER): IToken { + if (mb_strlen($name) > 128) { + throw new InvalidTokenException('The given name is too long'); + } + try { return $this->publicKeyTokenProvider->generateToken( $token, diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index d2ee47cf380..26337029d77 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -84,6 +84,10 @@ class PublicKeyTokenProvider implements IProvider { string $name, int $type = IToken::TEMPORARY_TOKEN, int $remember = IToken::DO_NOT_REMEMBER): IToken { + if (mb_strlen($name) > 128) { + throw new InvalidTokenException('The given name is too long'); + } + $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); $this->mapper->insert($dbToken); |