From a0c7798c7dd0ec537a6ed3b964103a9ad94d2040 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 22 Mar 2022 10:51:54 +0100
Subject: Limit the length of app password names

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 apps/settings/lib/Controller/AuthSettingsController.php | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'apps')

diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php
index 3255fcce56e..38db7be1e91 100644
--- a/apps/settings/lib/Controller/AuthSettingsController.php
+++ b/apps/settings/lib/Controller/AuthSettingsController.php
@@ -145,6 +145,10 @@ class AuthSettingsController extends Controller {
 			return $this->getServiceNotAvailableResponse();
 		}
 
+		if (mb_strlen($name) > 128) {
+			$name = mb_substr($name, 0, 120) . '…';
+		}
+
 		$token = $this->generateRandomDeviceToken();
 		$deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN);
 		$tokenData = $deviceToken->jsonSerialize();
@@ -241,6 +245,10 @@ class AuthSettingsController extends Controller {
 			$this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
 		}
 
+		if (mb_strlen($name) > 128) {
+			$name = mb_substr($name, 0, 120) . '…';
+		}
+
 		if ($token instanceof INamedToken && $name !== $currentName) {
 			$token->setName($name);
 			$this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]);
-- 
cgit v1.2.3