Properly catch InvalidTokenException for better error response

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
author: Morris Jobke <hey@morrisjobke.de> 2018-01-09 11:41:08 +0100
committer: Morris Jobke <hey@morrisjobke.de> 2018-01-09 11:44:52 +0100
commit: 607f699259b4f2a5c07e9853541eb16e1b6fab05 (patch)
tree: a9abff0090400d6d83b2b0d1eedfb8a431621b66 /settings
parent: db6b9fdb6a1b0bce8b3d75dfbb727251860855df (diff)
download: nextcloud-server-607f699259b4f2a5c07e9853541eb16e1b6fab05.tar.gz
nextcloud-server-607f699259b4f2a5c07e9853541eb16e1b6fab05.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 7bb8a6654e6..8c0da77bcec 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -190,9 +190,18 @@ class AuthSettingsController extends Controller {
 	 *
 	 * @param int $id
 	 * @param array $scope
+	 * @return array|JSONResponse
 	 */
 	public function update($id, array $scope) {
-		$token = $this->tokenProvider->getTokenById($id);
+		try {
+			$token = $this->tokenProvider->getTokenById((string)$id);
+			if ($token->getUID() !== $this->uid) {
+				throw new InvalidTokenException('User mismatch');
+			}
+		} catch (InvalidTokenException $e) {
+			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+		}
+
 		$token->setScope([
 			'filesystem' => $scope['filesystem']
 		]);
author	Morris Jobke <hey@morrisjobke.de>	2018-01-09 11:41:08 +0100
committer	Morris Jobke <hey@morrisjobke.de>	2018-01-09 11:44:52 +0100
commit	607f699259b4f2a5c07e9853541eb16e1b6fab05 (patch)
tree	a9abff0090400d6d83b2b0d1eedfb8a431621b66 /settings
parent	db6b9fdb6a1b0bce8b3d75dfbb727251860855df (diff)
download	nextcloud-server-607f699259b4f2a5c07e9853541eb16e1b6fab05.tar.gz nextcloud-server-607f699259b4f2a5c07e9853541eb16e1b6fab05.zip