Update password confirmation middleware

If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

1 files changed, 8 insertions, 0 deletions

diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index 7c1c4595e9a..d752a68cf32 100644
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -29,6 +29,7 @@ use OCP\AppFramework\Middleware;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\ISession;
 use OCP\IUserSession;
+use OCP\User\Backend\IPasswordConfirmationBackend;
 
 class PasswordConfirmationMiddleware extends Middleware {
 	/** @var ControllerMethodReflector */
@@ -70,6 +71,13 @@ class PasswordConfirmationMiddleware extends Middleware {
 			$user = $this->userSession->getUser();
 			$backendClassName = '';
 			if ($user !== null) {
+				$backend = $user->getBackend();
+				if ($backend instanceof IPasswordConfirmationBackend) {
+					if (!$backend->canConfirmPassword($user->getUID())) {
+						return;
+					}
+				}
+
 				$backendClassName = $user->getBackendClassName();
 			}