Merge pull request #24565 from nextcloud/backport/24552/stable18

[stable18] Remember me is not an app_password
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2020-12-07 13:57:32 +0300
committer: GitHub <noreply@github.com> 2020-12-07 13:57:32 +0300
commit: 4ec5b3a82e0605faa22b72201a0aecb8e86d1dff (patch)
tree: 7e3f1792d1e51eda85ec013fdf586a48464bbfc8
parent: c1a8ddda0dd73210df2473465fdaaa7811009f09 (diff)
parent: 29ee3859278d57292238ad6884fbea44fcc91b34 (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index b3e9ce722c7..81e6fe7e7b5 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -825,8 +825,18 @@ class Session implements IUserSession, Emitter {
 			return false;
 		}
 
-		// Set the session variable so we know this is an app password
-		$this->session->set('app_password', $token);
+		try {
+			$dbToken = $this->tokenProvider->getToken($token);
+		} catch (InvalidTokenException $e) {
+			// Can't really happen but better save than sorry
+			return true;
+		}
+
+		// Remember me tokens are not app_passwords
+		if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+			// Set the session variable so we know this is an app password
+			$this->session->set('app_password', $token);
+		}
 
 		return true;
 	}
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2020-12-07 13:57:32 +0300
committer	GitHub <noreply@github.com>	2020-12-07 13:57:32 +0300
commit	4ec5b3a82e0605faa22b72201a0aecb8e86d1dff (patch)
tree	7e3f1792d1e51eda85ec013fdf586a48464bbfc8
parent	c1a8ddda0dd73210df2473465fdaaa7811009f09 (diff)
parent	29ee3859278d57292238ad6884fbea44fcc91b34 (diff)