fix(apppasswords): Require password also on delete and update

Signed-off-by: Joas Schilling <coding@schilljs.com>
Joas Schilling 2026-04-13 15:09:10 +02:00
parent d28bfb484b
commit c9d7bce447
No known key found for this signature in database
GPG key ID: F72FA5B49FFA96B0
2 changed files with 4 additions and 2 deletions


@ -173,6 +173,7 @@ class AuthSettingsController extends Controller {
* @return array|JSONResponse
*/
#[NoAdminRequired]
#[PasswordConfirmationRequired(strict: true)]
public function destroy($id) {
if ($this->checkAppToken()) {
return new JSONResponse([], Http::STATUS_BAD_REQUEST);
@ -201,6 +202,7 @@ class AuthSettingsController extends Controller {
* @return array|JSONResponse
*/
#[NoAdminRequired]
#[PasswordConfirmationRequired(strict: true)]
public function update($id, array $scope, string $name) {
if ($this->checkAppToken()) {
return new JSONResponse([], Http::STATUS_BAD_REQUEST);
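Review bot: The docblocks above destroy() and update() show only `@return array|JSONResponse` in these hunks, so the precondition added by `#[PasswordConfirmationRequired(strict: true)]` is not documented where a maintainer would look. A line such as `* Requires strict password confirmation; presumably the password must accompany this request.` in each docblock would record it. The diffstat lists only this controller and the frontend store, so no test in this commit pins that both endpoints refuse an unconfirmed request, and an attribute is easy to lose in a later refactor. Both method bodies and the start of both docblocks lie outside the hunks, and any other state-changing actions of this controller are not visible here and may need the same check.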


@ -77,7 +77,7 @@ export const useAuthTokenStore = defineStore('auth-token', {
* @param token Token to update
*/
async updateToken(token: IToken) {
const { data } = await axios.put(`${BASE_URL}/${token.id}`, token)
const { data } = await axios.put(`${BASE_URL}/${token.id}`, token, { confirmPassword: PwdConfirmationMode.Strict })
return data
},
@ -111,7 +111,7 @@ export const useAuthTokenStore = defineStore('auth-token', {
this.tokens = this.tokens.filter(({ id }) => id !== token.id)
try {
await axios.delete(`${BASE_URL}/${token.id}`)
await axios.delete(`${BASE_URL}/${token.id}`, { confirmPassword: PwdConfirmationMode.Strict })
logger.debug('App token deleted')
return true
} catch (error) {
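Review bot: In the delete action the token is filtered out of `this.tokens` before the request is sent, and that request can now fail more often, because a cancelled or wrong password confirmation rejects it. The catch body is outside the hunk, so it may already restore the list; if it does not, the UI would show an app password as revoked while it is still valid on the server. Removing the entry only after success avoids that: move `this.tokens = this.tokens.filter(({ id }) => id !== token.id)` to directly after the `await axios.delete(...)` line inside the `try`. updateToken has no error handling in its visible lines, so its callers need to handle a rejected confirmation.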