authorMorris Jobke <hey@morrisjobke.de>2018-01-09 11:41:08 +0100
committerMorris Jobke <hey@morrisjobke.de>2018-01-18 16:11:21 +0100
commit9cda3206ff53d9aeaa4339215e640da6829a5c67 (patch)
tree3048e05f53df6a90dbaadcfee30355a0787a9df4 /settings
parenta0499e02585d8f1e0c4547fdfaee7551bfafe4c4 (diff)
Properly catch InvalidTokenException for better error response
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Diffstat (limited to 'settings')
-rw-r--r--settings/Controller/AuthSettingsController.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 2f3d78b4d83..6eaa64cfac2 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -197,10 +197,18 @@ class AuthSettingsController extends Controller {
*
* @param int $id
* @param array $scope
- * @return array
+ * @return array|JSONResponse
*/
public function update($id, array $scope) {
- $token = $this->tokenProvider->getTokenById((string)$id);
+ try {
+ $token = $this->tokenProvider->getTokenById((string)$id);
+ if ($token->getUID() !== $this->uid) {
+ throw new InvalidTokenException('User mismatch');
+ }
+ } catch (InvalidTokenException $e) {
+ return new JSONResponse([], Http::STATUS_NOT_FOUND);
+ }
+
$token->setScope([
'filesystem' => $scope['filesystem']
]);
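Review bot: `$scope['filesystem']` is still read unchecked at the `setScope` call that follows the new ownership check, so a request that omits the key puts null into the token scope (with an undefined-index notice) instead of being rejected; a guard before `setScope`, such as `if (!isset($scope['filesystem'])) { return new JSONResponse([], Http::STATUS_BAD_REQUEST); }`, would make that explicit. The uid-mismatch branch reuses the 404 path, which appears intended to avoid confirming that an id belongs to another user's token; a comment on the `throw`, e.g. `// same 404 as an unknown id, so other users' token ids are not disclosed`, would keep a later edit from turning it into a 403. A mismatch is also an event worth logging for detection, if the controller has a logger in scope. The body of `update` continues past the end of the hunk.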