author | Greta Doci <gretadoci@gmail.com> | 2019-06-12 14:26:01 +0200 |
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-09-15 12:04:27 +0200 |
commit | 0a874c51af8dd6652c694f0545489af23d53771a (patch) | |
tree | 6781c94e2bb54cf4392ae826abf08086ff277321 /settings/Controller | |
parent | d231fc9843b117c3361ce0b4e030d55c59607005 (diff) | |
Disable app token creation for impersonated people, ref #15539
Signed-off-by: Greta Doci <gretadoci@gmail.com>
Diffstat (limited to 'settings/Controller')
-rw-r--r-- | settings/Controller/AuthSettingsController.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index da9414dcb10..7582f1287b9 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -44,6 +44,7 @@ use OCP\AppFramework\Http\JSONResponse;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\ISession;
+use OCP\IUserSession;
 use OCP\Security\ISecureRandom;
 use OCP\Session\Exceptions\SessionNotAvailableException;
@@ -55,6 +56,9 @@ class AuthSettingsController extends Controller {
 	/** @var ISession */
 	private $session;
+	/** IUserSession */
+	private $userSession;
+
 	/** @var string */
 	private $uid;
@@ -77,6 +81,7 @@ class AuthSettingsController extends Controller {
 	 * @param ISession $session
 	 * @param ISecureRandom $random
 	 * @param string|null $userId
+	 * @param IUserSession $userSession
 	 * @param IManager $activityManager
 	 * @param RemoteWipe $remoteWipe
 	 * @param ILogger $logger
@@ -87,12 +92,14 @@ class AuthSettingsController extends Controller {
 								ISession $session,
 								ISecureRandom $random,
 								?string $userId,
+								IUserSession $userSession,
 								IManager $activityManager,
 								RemoteWipe $remoteWipe,
 								ILogger $logger) {
 		parent::__construct($appName, $request);
 		$this->tokenProvider = $tokenProvider;
 		$this->uid = $userId;
+		$this->userSession = $userSession;
 		$this->session = $session;
 		$this->random = $random;
 		$this->activityManager = $activityManager;
@@ -114,6 +121,10 @@ class AuthSettingsController extends Controller {
 		} catch (SessionNotAvailableException $ex) {
 			return $this->getServiceNotAvailableResponse();
 		}
+		if ($this->userSession->getImpersonatingUserID() !== null)
+		{
+			return $this->getServiceNotAvailableResponse();
+		}
 		try {
 			$sessionToken = $this->tokenProvider->getToken($sessionId);
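Review bot: The new property docblock in the second hunk is missing the `@var` tag, so static analysis and IDEs will not pick up the type the way they do for the neighbouring `/** @var ISession */` and `/** @var string */` declarations. Change `/** IUserSession */` to `/** @var IUserSession */` to match the rest of the class.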
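Review bot: The impersonation guard in the last hunk answers with `getServiceNotAvailableResponse()`, the same reply used when the session is missing, so an admin who is impersonating a user and is deliberately refused token creation gets a response that reads as an outage rather than a policy decision, and monitoring cannot tell the two apart. An authorization refusal should be a 403, e.g. `return new JSONResponse([], Http::STATUS_FORBIDDEN);` (with `OCP\AppFramework\Http` imported if the file does not already have it), and the check could sit before the session lookup since it does not depend on `$sessionId`. The opening brace on its own line also departs from the same-line brace style used everywhere else in this file. The enclosing method starts and ends outside the hunk, and the diff is limited to this controller, so whether `getImpersonatingUserID()` is declared on `IUserSession` in this commit and whether the other token-mutating actions in the controller need the same guard cannot be confirmed from here.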