open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Validate the password before generating an apptoken

Browse Source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
pull/31519/head
Joas Schilling 4 years ago
parent a6882deebc
commit 50ccf7e2cf
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
1 changed files with 4 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      core/Command/User/AddAppPassword.php

6
core/Command/User/AddAppPassword.php
Unescape View File

@ -109,8 +109,10 @@ class AddAppPassword extends Command {
return 1;
}
$output->writeln('<info>The password is not validated so what you provide is what gets recorded in the token</info>');
if (!$this->userManager->checkPassword($user->getUID(), $password)) {
$output->writeln('<error>The provided password is invalid</error>');
return 1;
}
$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$generatedToken = $this->tokenProvider->generateToken(

Write Preview
Loading…
Cancel
Save