set 'app_password' session value only when using a permanent token

Signed-off-by: Julien Veyssier <[email protected]>
nextcloud · Dec 30, 2021 · 853bcff · 853bcff
1 parent e40828d
commit 853bcff
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php
@@ -111,6 +111,13 @@ public function getName(): string;
 	 */
 	public function getRemember(): int;
 
+	/**
+	 * Get the token type
+	 *
+	 * @return int
+	 */
+	public function getType(): int;
+
 	/**
 	 * Set the token
 	 *

diff --git a/lib/private/Authentication/Token/PublicKeyToken.php b/lib/private/Authentication/Token/PublicKeyToken.php
@@ -35,7 +35,6 @@
  * @method void setLoginName(string $loginname)
  * @method string getToken()
  * @method void setType(int $type)
- * @method int getType()
  * @method void setRemember(int $remember)
  * @method void setLastActivity(int $lastactivity)
  * @method int getLastActivity()
@@ -201,6 +200,10 @@ public function setName(string $name): void {
 		parent::setName($name);
 	}
 
+	public function getType(): int {
+		return parent::getType();
+	}
+
 	public function getRemember(): int {
 		return parent::getRemember();
 	}

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
@@ -847,8 +847,7 @@ public function tryTokenLogin(IRequest $request) {
 			return true;
 		}
 
-		// Remember me tokens are not app_passwords
-		if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+		if ($dbToken->getType() === IToken::PERMANENT_TOKEN) {
 			// Set the session variable so we know this is an app password
 			$this->session->set('app_password', $token);
 		}