diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-12-17 13:46:57 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2021-01-20 10:46:07 +0300 |
| commit | 76367c5c38c59404a6a99ff4b5b489fa4c39373d (patch) | |
| tree | 084c9da8d7c9e768296cdf4b75e966c5a1c87d1d /apps | |
| parent | e22ce096442968b2cc3abb1ee730dfa7465d4438 (diff) | |
Don't save credentials of another user
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php index 6bf6b61f164..b8279f5ca61 100644 --- a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php +++ b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php @@ -79,6 +79,11 @@ class LoginCredentials extends AuthMechanism { try { $sessionCredentials = $this->credentialsStore->getLoginCredentials(); + if ($sessionCredentials->getUID() !== $user->getUID()) { + // Can't take the credentials from the session as they are not the same user + throw new CredentialsUnavailableException(); + } + $credentials = [ 'user' => $sessionCredentials->getLoginName(), 'password' => $sessionCredentials->getPassword() |