diff options
author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-12-07 13:52:17 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-07 13:52:17 +0300 |
commit | b9011c1d1d4098b8359ac4adabf2e83f20e53428 (patch) | |
tree | 828baacef40b5c7d6d91381c7598bf726614043e | |
parent | 519ce1add9a06ad15c0841f676c0a45649bb1077 (diff) | |
parent | 607e9020703a4b6c33ac17b1b9e6f204d1ca7c01 (diff) |
Merge pull request #24563 from nextcloud/backport/24552/stable20
[stable20] Remember me is not an app_password
-rw-r--r-- | lib/private/User/Session.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 37d518b6123..c2294cb1612 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -832,8 +832,18 @@ class Session implements IUserSession, Emitter { return false; } - // Set the session variable so we know this is an app password - $this->session->set('app_password', $token); + try { + $dbToken = $this->tokenProvider->getToken($token); + } catch (InvalidTokenException $e) { + // Can't really happen but better save than sorry + return true; + } + + // Remember me tokens are not app_passwords + if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) { + // Set the session variable so we know this is an app password + $this->session->set('app_password', $token); + } return true; } |