Merge pull request #24564 from nextcloud/backport/24552/stable19

[stable19] Remember me is not an app_password
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2020-12-07 13:56:43 +0300
committer: GitHub <noreply@github.com> 2020-12-07 13:56:43 +0300
commit: 7bff8a4c657b325ff7534612dd12cea2ff248119 (patch)
tree: 6480661498de80d639b928b66b8c82c6b5800a2c
parent: 71e406627e7891b59cc3ac3c897530556481f743 (diff)
parent: ec270ce35e45e93bce6f8cdf7bcebad078b5a627 (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index a107f5ce004..71830cd1bbf 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -825,8 +825,18 @@ class Session implements IUserSession, Emitter {
 			return false;
 		}
 
-		// Set the session variable so we know this is an app password
-		$this->session->set('app_password', $token);
+		try {
+			$dbToken = $this->tokenProvider->getToken($token);
+		} catch (InvalidTokenException $e) {
+			// Can't really happen but better save than sorry
+			return true;
+		}
+
+		// Remember me tokens are not app_passwords
+		if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+			// Set the session variable so we know this is an app password
+			$this->session->set('app_password', $token);
+		}
 
 		return true;
 	}
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2020-12-07 13:56:43 +0300
committer	GitHub <noreply@github.com>	2020-12-07 13:56:43 +0300
commit	7bff8a4c657b325ff7534612dd12cea2ff248119 (patch)
tree	6480661498de80d639b928b66b8c82c6b5800a2c
parent	71e406627e7891b59cc3ac3c897530556481f743 (diff)
parent	ec270ce35e45e93bce6f8cdf7bcebad078b5a627 (diff)