upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 08:44:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

fix(apppasswords): Require password also on delete and update

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2026-04-13 15:09:10 +02:00 committed by backportbot[bot]
parent 32462cdccc
commit 03cff6f2bc
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/settings/lib/Controller/AuthSettingsController.php
View file

@ -155,6 +155,7 @@ class AuthSettingsController extends Controller {
* @return array|JSONResponse
*/
#[NoAdminRequired]
#[PasswordConfirmationRequired(strict: true)]
public function destroy($id) {
if ($this->checkAppToken()) {
return new JSONResponse([], Http::STATUS_BAD_REQUEST);
@ -183,6 +184,7 @@ class AuthSettingsController extends Controller {
* @return array|JSONResponse
*/
#[NoAdminRequired]
#[PasswordConfirmationRequired(strict: true)]
public function update($id, array $scope, string $name) {
if ($this->checkAppToken()) {
return new JSONResponse([], Http::STATUS_BAD_REQUEST);

4
apps/settings/src/store/authtoken.ts
View file

@ -72,7 +72,7 @@ export const useAuthTokenStore = defineStore('auth-token', {
* @param token Token to update
*/
async updateToken(token: IToken) {
const { data } = await axios.put(`${BASE_URL}/${token.id}`, token)
const { data } = await axios.put(`${BASE_URL}/${token.id}`, token, { confirmPassword: PwdConfirmationMode.Strict })
return data
},
@ -105,7 +105,7 @@ export const useAuthTokenStore = defineStore('auth-token', {
this.tokens = this.tokens.filter(({ id }) => id !== token.id)
try {
await axios.delete(`${BASE_URL}/${token.id}`)
await axios.delete(`${BASE_URL}/${token.id}`, { confirmPassword: PwdConfirmationMode.Strict })
logger.debug('App token deleted')
return true
} catch (error) {