diff options
author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2020-05-26 00:00:00 +0300 |
---|---|---|
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2020-05-26 17:53:25 +0300 |
commit | 653162a70952be9c4bcdf9fb01df3b3f14031a20 (patch) | |
tree | ae170cda88dffb05a7f1fd08cd3f5c6e80ad10e5 /apps/settings/lib/Controller/ChangePasswordController.php | |
parent | 4bada5c7324d4ebf58a8ab2c8954b8e35cc883b2 (diff) |
use the loginname to verify the old password in user password changes
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps/settings/lib/Controller/ChangePasswordController.php')
-rw-r--r-- | apps/settings/lib/Controller/ChangePasswordController.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index 439731b22eb..e6567bf9043 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -89,8 +89,9 @@ class ChangePasswordController extends Controller { * @BruteForceProtection(action=changePersonalPassword) */ public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { + $loginName = $this->userSession->getLoginName(); /** @var IUser $user */ - $user = $this->userManager->checkPassword($this->userId, $oldpassword); + $user = $this->userManager->checkPassword($loginName, $oldpassword); if ($user === false) { $response = new JSONResponse([ 'status' => 'error', |