diff options
author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-12-07 13:56:43 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-07 13:56:43 +0300 |
commit | 7bff8a4c657b325ff7534612dd12cea2ff248119 (patch) | |
tree | 6480661498de80d639b928b66b8c82c6b5800a2c | |
parent | 71e406627e7891b59cc3ac3c897530556481f743 (diff) | |
parent | ec270ce35e45e93bce6f8cdf7bcebad078b5a627 (diff) |
Merge pull request #24564 from nextcloud/backport/24552/stable19
[stable19] Remember me is not an app_password
-rw-r--r-- | lib/private/User/Session.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index a107f5ce004..71830cd1bbf 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -825,8 +825,18 @@ class Session implements IUserSession, Emitter { return false; } - // Set the session variable so we know this is an app password - $this->session->set('app_password', $token); + try { + $dbToken = $this->tokenProvider->getToken($token); + } catch (InvalidTokenException $e) { + // Can't really happen but better save than sorry + return true; + } + + // Remember me tokens are not app_passwords + if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) { + // Set the session variable so we know this is an app password + $this->session->set('app_password', $token); + } return true; } |