upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-11 09:42:09 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 40

Return correct loginname in credentials,

Browse source 
even when token is invalid or has no password.

Returning the uid as loginname is wrong, and leads to problems when
these differ. E.g. the getapppassword API was creating app token with
the uid as loginname. In a scenario with external authentication (such
as LDAP), these tokens were then invalidated next time their underlying
password was checked, and systematically ceased to function.

Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
This commit is contained in:
Lionel Elie Mamane 2020-06-07 14:15:10 +02:00
parent 708bd38d6c
commit 80973cd60b
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/private/Authentication/LoginCredentials/Store.php
View file

@ -112,7 +112,7 @@ class Store implements IStore {
if ($trySession && $this->session->exists('login_credentials')) {
$creds = json_decode($this->session->get('login_credentials'));
return new Credentials($creds->uid, $creds->uid, $creds->password);
return new Credentials($creds->uid, $this->session->get('loginname'), $creds->password);
}
// If we reach this line, an exception was thrown.