upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-13 18:50:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Merge pull request #51879 from nextcloud/backport/51870/stable30

Browse source 
[stable30] fix: Use login name to check the password
This commit is contained in:
Ferdinand Thiessen 2025-04-03 08:50:52 +02:00 committed by GitHub
commit c3d0afd77d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
View file

@ -80,7 +80,8 @@ class PasswordConfirmationMiddleware extends Middleware {
if ($this->isPasswordConfirmationStrict($reflectionMethod)) {
$authHeader = $this->request->getHeader('Authorization');
[, $password] = explode(':', base64_decode(substr($authHeader, 6)), 2);
$loginResult = $this->userManager->checkPassword($user->getUid(), $password);
$loginName = $this->session->get('loginname');
$loginResult = $this->userManager->checkPassword($loginName, $password);
if ($loginResult === false) {
throw new NotConfirmedException();
}