upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 08:44:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #51880 from nextcloud/backport/51870/stable31

Browse source 
[stable31] fix: Use login name to check the password
This commit is contained in:
Louis 2025-04-03 10:18:49 +02:00 committed by GitHub
commit 5d1a7b7b1f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
View file

@ -80,7 +80,8 @@ class PasswordConfirmationMiddleware extends Middleware {
if ($this->isPasswordConfirmationStrict($reflectionMethod)) {
$authHeader = $this->request->getHeader('Authorization');
[, $password] = explode(':', base64_decode(substr($authHeader, 6)), 2);
$loginResult = $this->userManager->checkPassword($user->getUid(), $password);
$loginName = $this->session->get('loginname');
$loginResult = $this->userManager->checkPassword($loginName, $password);
if ($loginResult === false) {
throw new NotConfirmedException();
}