upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Validate the password before generating an apptoken

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2022-03-10 15:28:01 +01:00
parent a6882deebc
commit 50ccf7e2cf
No known key found for this signature in database
GPG key ID: 7076EA9751AACDDA
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
core/Command/User/AddAppPassword.php
View file

@ -109,8 +109,10 @@ class AddAppPassword extends Command {
return 1;
}
$output->writeln('<info>The password is not validated so what you provide is what gets recorded in the token</info>');
if (!$this->userManager->checkPassword($user->getUID(), $password)) {
$output->writeln('<error>The provided password is invalid</error>');
return 1;
}
$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$generatedToken = $this->tokenProvider->generateToken(