Merge pull request #24563 from nextcloud/backport/24552/stable20

[stable20] Remember me is not an app_password
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2020-12-07 13:52:17 +0300
committer: GitHub <noreply@github.com> 2020-12-07 13:52:17 +0300
commit: b9011c1d1d4098b8359ac4adabf2e83f20e53428 (patch)
tree: 828baacef40b5c7d6d91381c7598bf726614043e
parent: 519ce1add9a06ad15c0841f676c0a45649bb1077 (diff)
parent: 607e9020703a4b6c33ac17b1b9e6f204d1ca7c01 (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 37d518b6123..c2294cb1612 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -832,8 +832,18 @@ class Session implements IUserSession, Emitter {
 			return false;
 		}
 
-		// Set the session variable so we know this is an app password
-		$this->session->set('app_password', $token);
+		try {
+			$dbToken = $this->tokenProvider->getToken($token);
+		} catch (InvalidTokenException $e) {
+			// Can't really happen but better save than sorry
+			return true;
+		}
+
+		// Remember me tokens are not app_passwords
+		if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+			// Set the session variable so we know this is an app password
+			$this->session->set('app_password', $token);
+		}
 
 		return true;
 	}
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2020-12-07 13:52:17 +0300
committer	GitHub <noreply@github.com>	2020-12-07 13:52:17 +0300
commit	b9011c1d1d4098b8359ac4adabf2e83f20e53428 (patch)
tree	828baacef40b5c7d6d91381c7598bf726614043e
parent	519ce1add9a06ad15c0841f676c0a45649bb1077 (diff)
parent	607e9020703a4b6c33ac17b1b9e6f204d1ca7c01 (diff)