diff options
author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-12-07 13:57:32 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-07 13:57:32 +0300 |
commit | 4ec5b3a82e0605faa22b72201a0aecb8e86d1dff (patch) | |
tree | 7e3f1792d1e51eda85ec013fdf586a48464bbfc8 | |
parent | c1a8ddda0dd73210df2473465fdaaa7811009f09 (diff) | |
parent | 29ee3859278d57292238ad6884fbea44fcc91b34 (diff) |
Merge pull request #24565 from nextcloud/backport/24552/stable18
[stable18] Remember me is not an app_password
-rw-r--r-- | lib/private/User/Session.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index b3e9ce722c7..81e6fe7e7b5 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -825,8 +825,18 @@ class Session implements IUserSession, Emitter { return false; } - // Set the session variable so we know this is an app password - $this->session->set('app_password', $token); + try { + $dbToken = $this->tokenProvider->getToken($token); + } catch (InvalidTokenException $e) { + // Can't really happen but better save than sorry + return true; + } + + // Remember me tokens are not app_passwords + if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) { + // Set the session variable so we know this is an app password + $this->session->set('app_password', $token); + } return true; } |