diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-12-04 16:35:44 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-04 16:35:44 +0100 |
| commit | f0862dcfaa0eee98a8cd5183f37cb92e96f5767a (patch) | |
| tree | 0323db6b8dd8e5491d28c9bd1cd50ab0d95521d0 /lib | |
| parent | 0d7819eb6c2f343ba3b3e11f9233cd4887332bb0 (diff) | |
| parent | 5cc348ae72ee2722261dd540de783a1d7d318326 (diff) | |
| download | nextcloud-server-f0862dcfaa0eee98a8cd5183f37cb92e96f5767a.tar.gz nextcloud-server-f0862dcfaa0eee98a8cd5183f37cb92e96f5767a.zip | |
Merge pull request #24552 from nextcloud/enh/remember_me_is_not_app_password
Remember me is not an app_password
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/User/Session.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 37d518b6123..c2294cb1612 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -832,8 +832,18 @@ class Session implements IUserSession, Emitter { return false; } - // Set the session variable so we know this is an app password - $this->session->set('app_password', $token); + try { + $dbToken = $this->tokenProvider->getToken($token); + } catch (InvalidTokenException $e) { + // Can't really happen but better save than sorry + return true; + } + + // Remember me tokens are not app_passwords + if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) { + // Set the session variable so we know this is an app password + $this->session->set('app_password', $token); + } return true; } |