Properly catch InvalidTokenException for better error response

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
author: Morris Jobke <hey@morrisjobke.de> 2018-01-09 11:41:08 +0100
committer: Morris Jobke <hey@morrisjobke.de> 2018-01-24 13:56:12 +0100
commit: abd33bb619113968f442998b2dc1572456c215f9 (patch)
tree: c6207de1c0e45adfc3e4467ba482ceb166dee4b6 /settings/Controller
parent: 5520ba3d15b088e9151ffef89f7cd389c470563b (diff)
download: nextcloud-server-abd33bb619113968f442998b2dc1572456c215f9.tar.gz
nextcloud-server-abd33bb619113968f442998b2dc1572456c215f9.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 2f3d78b4d83..6eaa64cfac2 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -197,10 +197,18 @@ class AuthSettingsController extends Controller {
 	 *
 	 * @param int $id
 	 * @param array $scope
-	 * @return array
+	 * @return array|JSONResponse
 	 */
 	public function update($id, array $scope) {
-		$token = $this->tokenProvider->getTokenById((string)$id);
+		try {
+			$token = $this->tokenProvider->getTokenById((string)$id);
+			if ($token->getUID() !== $this->uid) {
+				throw new InvalidTokenException('User mismatch');
+			}
+		} catch (InvalidTokenException $e) {
+			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+		}
+
 		$token->setScope([
 			'filesystem' => $scope['filesystem']
 		]);
author	Morris Jobke <hey@morrisjobke.de>	2018-01-09 11:41:08 +0100
committer	Morris Jobke <hey@morrisjobke.de>	2018-01-24 13:56:12 +0100
commit	abd33bb619113968f442998b2dc1572456c215f9 (patch)
tree	c6207de1c0e45adfc3e4467ba482ceb166dee4b6 /settings/Controller
parent	5520ba3d15b088e9151ffef89f7cd389c470563b (diff)
download	nextcloud-server-abd33bb619113968f442998b2dc1572456c215f9.tar.gz nextcloud-server-abd33bb619113968f442998b2dc1572456c215f9.zip