Unverified Commit 50d823fc authored by Roeland Jago Douma's avatar Roeland Jago Douma Committed by GitHub

Merge pull request #20859 from nextcloud/fix/20838/validate_apppassword

Validate app password on alternative login
parents 0643801d ffad3f83
...@@ -377,6 +377,24 @@ class ClientFlowLoginController extends Controller { ...@@ -377,6 +377,24 @@ class ClientFlowLoginController extends Controller {
return $this->stateTokenForbiddenResponse(); return $this->stateTokenForbiddenResponse();
} }
try {
$token = $this->tokenProvider->getToken($password);
if ($token->getLoginName() !== $user) {
throw new InvalidTokenException('login name does not match');
}
} catch (InvalidTokenException $e) {
$response = new StandaloneTemplateResponse(
$this->appName,
'403',
[
'message' => $this->l10n->t('Invalid app password'),
],
'guest'
);
$response->setStatus(Http::STATUS_FORBIDDEN);
return $response;
}
$redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($user) . '&password:' . urlencode($password); $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($user) . '&password:' . urlencode($password);
return new Http\RedirectResponse($redirectUri); return new Http\RedirectResponse($redirectUri);
} }
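Review bot: The new `catch (InvalidTokenException $e)` branch returns the 403 without logging or rate-limiting the failure, so the endpoint gives a clean valid/invalid answer for any submitted app password and leaves nothing for detection. I would call `$response->throttle();` before `return $response;` (it only takes effect if the action carries a `@BruteForceProtection` annotation, which is outside the hunk) and log the rejection with the login name, never the password. The check also compares `$token->getLoginName()` with `$user`, which appears to come from the request rather than the session; if the session user is available in this method, comparing against it would be stricter. The enclosing method starts above the hunk, so its annotations and the exact scope of the preceding state-token check could not be verified here.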