authorGreta Doci <gretadoci@gmail.com>2019-06-12 14:26:01 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2019-09-15 12:04:27 +0200
commit0a874c51af8dd6652c694f0545489af23d53771a (patch)
tree6781c94e2bb54cf4392ae826abf08086ff277321 /lib
parentd231fc9843b117c3361ce0b4e030d55c59607005 (diff)
downloadnextcloud-server-0a874c51af8dd6652c694f0545489af23d53771a.tar.gz
nextcloud-server-0a874c51af8dd6652c694f0545489af23d53771a.zip
Disable app token creation for impersonated people, ref #15539
Signed-off-by: Greta Doci <gretadoci@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/User/Session.php23
-rw-r--r--lib/public/IUserSession.php17
2 files changed, 40 insertions, 0 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 13519d97ef4..ba909c81053 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -315,6 +315,29 @@ class Session implements IUserSession, Emitter {
}
/**
+ * @return mixed
+ */
+ public function getImpersonatingUserID(): ?string {
+
+ return $this->session->get('oldUserId');
+
+ }
+
+ public function setImpersonatingUserID(bool $useCurrentUser = true): void {
+ if ($useCurrentUser === false) {
+ $this->session->remove('oldUserId');
+ return;
+ }
+
+ $currentUser = $this->getUser();
+
+ if ($currentUser === null) {
+ throw new \OC\User\NoUserException();
+ }
+ $this->session->set('oldUserId', $currentUser->getUID());
+
+ }
+ /**
* set the token id
*
* @param int|null $token that was used to log in
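Review bot: `getImpersonatingUserID()` returns the raw session value stored under `'oldUserId'` while declaring `?string`, and its docblock says `@return mixed`, so the annotation and the signature disagree. A non-string value in the session would be coerced or raise a TypeError, depending on the file's strict_types setting, which this hunk does not show. I would change the tag to `@return string|null` and guard the read: `$uid = $this->session->get('oldUserId'); return is_string($uid) ? $uid : null;`. `setImpersonatingUserID()` has no docblock; it should say that passing `false` removes the marker and that `\OC\User\NoUserException` is thrown when no user is logged in. The blank lines padding both method bodies can be dropped.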
diff --git a/lib/public/IUserSession.php b/lib/public/IUserSession.php
index d7bf5f9a385..b3c470e5be5 100644
--- a/lib/public/IUserSession.php
+++ b/lib/public/IUserSession.php
@@ -42,6 +42,7 @@ namespace OCP;
interface IUserSession {
/**
* Do a user login
+ *
* @param string $user the username
* @param string $password the password
* @return bool true if successful
@@ -52,6 +53,7 @@ interface IUserSession {
/**
* Logs the user out including all the session data
* Logout, destroys session
+ *
* @return void
* @since 6.0.0
*/
@@ -80,4 +82,19 @@ interface IUserSession {
* @since 8.0.0
*/
public function isLoggedIn();
+
+ /**
+ * get getImpersonatingUserID
+ *
+ * @return string|null
+ * @since 18.0.0
+ */
+ public function getImpersonatingUserID(): ?string;
+
+ /**
+ * set setImpersonatingUserID
+ *
+ * @since 18.0.0
+ */
+ public function setImpersonatingUserID(bool $useCurrentUser = true): void;
}
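Review bot: The two new docblocks ("get getImpersonatingUserID", "set setImpersonatingUserID") only repeat the method names, so this public `OCP` interface leaves the contract unstated. The setter needs `@param bool $useCurrentUser true stores the current user's UID as the impersonating user, false clears the marker` and `@throws \OC\User\NoUserException`, which the Session.php implementation in this commit raises when no user is set. The getter should say that `null` means the session is not impersonated. Because the setter is on the public interface, any code that holds the session service can clear the marker. If app-token creation is gated on this value, as the commit title suggests (the check is not part of this diff), the docblock should name the intended callers, or the setter should stay off the public interface.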