diff options
author | Joas Schilling <coding@schilljs.com> | 2022-03-10 17:28:01 +0300 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2022-03-11 14:18:59 +0300 |
commit | eb174781fce2809da426b26b87d0ef20987e2fb4 (patch) | |
tree | 8427ed7dbf745d4ae641b7090ed9a62024d667ab | |
parent | e841487ea4bb8008ba647230245bea248144101c (diff) |
Validate the password before generating an apptoken
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r-- | core/Command/User/AddAppPassword.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/core/Command/User/AddAppPassword.php b/core/Command/User/AddAppPassword.php index 34c8dc67ccc..4f636c406fb 100644 --- a/core/Command/User/AddAppPassword.php +++ b/core/Command/User/AddAppPassword.php @@ -109,8 +109,10 @@ class AddAppPassword extends Command { return 1; } - $output->writeln('<info>The password is not validated so what you provide is what gets recorded in the token</info>'); - + if (!$this->userManager->checkPassword($user->getUID(), $password)) { + $output->writeln('<error>The provided password is invalid</error>'); + return 1; + } $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); $generatedToken = $this->tokenProvider->generateToken( |