
github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
-rw-r--r--apps/dav/lib/HookManager.php6
-rw-r--r--apps/files_external/js/statusmanager.js3
-rw-r--r--settings/Controller/AuthSettingsController.php12
-rw-r--r--tests/Settings/Controller/AuthSettingsControllerTest.php40
4 files changed, 53 insertions, 8 deletions
diff --git a/apps/dav/lib/HookManager.php b/apps/dav/lib/HookManager.php
index 1e808e58656..57b176213e0 100644
--- a/apps/dav/lib/HookManager.php
+++ b/apps/dav/lib/HookManager.php
@@ -43,7 +43,7 @@ class HookManager {
private $syncService;
/** @var IUser[] */
- private $usersToDelete;
+ private $usersToDelete = [];
/** @var CalDavBackend */
private $calDav;
@@ -52,10 +52,10 @@ class HookManager {
private $cardDav;
/** @var array */
- private $calendarsToDelete;
+ private $calendarsToDelete = [];
/** @var array */
- private $addressBooksToDelete;
+ private $addressBooksToDelete = [];
/** @var EventDispatcher */
private $eventDispatcher;
diff --git a/apps/files_external/js/statusmanager.js b/apps/files_external/js/statusmanager.js
index 3850351d213..563f8a76493 100644
--- a/apps/files_external/js/statusmanager.js
+++ b/apps/files_external/js/statusmanager.js
@@ -560,9 +560,6 @@ OCA.External.StatusManager.Utils = {
case 'windows_network_drive':
icon = OC.imagePath('windows_network_drive', 'folder-windows');
break;
- case 'sharepoint':
- icon = OC.imagePath('sharepoint', 'folder-sharepoint');
- break;
}
return icon;
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 2f3d78b4d83..6eaa64cfac2 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -197,10 +197,18 @@ class AuthSettingsController extends Controller {
*
* @param int $id
* @param array $scope
- * @return array
+ * @return array|JSONResponse
*/
public function update($id, array $scope) {
- $token = $this->tokenProvider->getTokenById((string)$id);
+ try {
+ $token = $this->tokenProvider->getTokenById((string)$id);
+ if ($token->getUID() !== $this->uid) {
+ throw new InvalidTokenException('User mismatch');
+ }
+ } catch (InvalidTokenException $e) {
+ return new JSONResponse([], Http::STATUS_NOT_FOUND);
+ }
+
$token->setScope([
'filesystem' => $scope['filesystem']
]);
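Review bot: The new ownership check in update() sends a token owned by another user through the same catch branch as a missing token, but neither the code nor the docblock says that the shared 404 is deliberate. I would add a comment above the `getUID()` comparison such as `// Report a foreign token as not found so the response does not reveal which token ids exist`, and extend the `@return` line to say the JSONResponse carries STATUS_NOT_FOUND. The rejected attempt is also dropped silently; if a logger is available in this controller (not visible in the hunk), a warning-level entry with `$this->uid` and the requested token id would give defenders a signal for cross-user probing. The body of update() continues past the end of the hunk.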
diff --git a/tests/Settings/Controller/AuthSettingsControllerTest.php b/tests/Settings/Controller/AuthSettingsControllerTest.php
index 5c1280ff4b0..461b32b7a48 100644
--- a/tests/Settings/Controller/AuthSettingsControllerTest.php
+++ b/tests/Settings/Controller/AuthSettingsControllerTest.php
@@ -212,6 +212,10 @@ class AuthSettingsControllerTest extends TestCase {
->willReturn($token);
$token->expects($this->once())
+ ->method('getUID')
+ ->willReturn('jane');
+
+ $token->expects($this->once())
->method('setScope')
->with($this->equalTo([
'filesystem' => true
@@ -224,4 +228,40 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertSame([], $this->controller->update(42, ['filesystem' => true]));
}
+ public function testUpdateTokenWrongUser() {
+ $token = $this->createMock(DefaultToken::class);
+
+ $this->tokenProvider->expects($this->once())
+ ->method('getTokenById')
+ ->with($this->equalTo(42))
+ ->willReturn($token);
+
+ $token->expects($this->once())
+ ->method('getUID')
+ ->willReturn('foobar');
+
+ $token->expects($this->never())
+ ->method('setScope');
+ $this->tokenProvider->expects($this->never())
+ ->method('updateToken');
+
+ $response = $this->controller->update(42, ['filesystem' => true]);
+ $this->assertSame([], $response->getData());
+ $this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
+ }
+
+ public function testUpdateTokenNonExisting() {
+ $this->tokenProvider->expects($this->once())
+ ->method('getTokenById')
+ ->with($this->equalTo(42))
+ ->willThrowException(new InvalidTokenException('Token does not exist'));
+
+ $this->tokenProvider->expects($this->never())
+ ->method('updateToken');
+
+ $response = $this->controller->update(42, ['filesystem' => true]);
+ $this->assertSame([], $response->getData());
+ $this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
+ }
+
}
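Review bot: Both new tests match `getTokenById` with `$this->equalTo(42)`, while the controller calls it with `(string)$id`; `equalTo` compares loosely, so the tests would still pass if the cast were dropped or changed. Using `->with($this->identicalTo('42'))` would pin the argument that is actually passed. testUpdateTokenWrongUser also depends on the controller's uid differing from 'foobar', which is presumably set in setUp outside this hunk; a short comment naming that fixture value would make the intended mismatch obvious to the next reader.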