diff options
| author | Joas Schilling <coding@schilljs.com> | 2022-03-22 10:51:54 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2022-03-23 10:47:56 +0100 |
| commit | a0c7798c7dd0ec537a6ed3b964103a9ad94d2040 (patch) | |
| tree | 9e68e05927644e5b382420ed5dabdbbd5688c569 /lib | |
| parent | 0fa17f8902e7391f189227b406a0058af6c4a4e0 (diff) | |
| download | nextcloud-server-a0c7798c7dd0ec537a6ed3b964103a9ad94d2040.tar.gz nextcloud-server-a0c7798c7dd0ec537a6ed3b964103a9ad94d2040.zip | |
Limit the length of app password names
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Authentication/Token/Manager.php | 4 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index 0a7a821e23e..ae0874733f8 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -61,6 +61,10 @@ class Manager implements IProvider { string $name, int $type = IToken::TEMPORARY_TOKEN, int $remember = IToken::DO_NOT_REMEMBER): IToken { + if (mb_strlen($name) > 128) { + throw new InvalidTokenException('The given name is too long'); + } + try { return $this->publicKeyTokenProvider->generateToken( $token, diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index d2ee47cf380..26337029d77 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -84,6 +84,10 @@ class PublicKeyTokenProvider implements IProvider { string $name, int $type = IToken::TEMPORARY_TOKEN, int $remember = IToken::DO_NOT_REMEMBER): IToken { + if (mb_strlen($name) > 128) { + throw new InvalidTokenException('The given name is too long'); + } + $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); $this->mapper->insert($dbToken); |