Skip to content

Commit 1dcfab0

Browse files
authored
Merge pull request #25225 from nextcloud/backport/24600/stable20
[stable20] Update handling of user credentials
2 parents ae48e26 + fcdbd4e commit 1dcfab0

File tree

4 files changed

+24
-4
lines changed

4 files changed

+24
-4
lines changed

apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,11 @@ private function getCredentials(IUser $user): array {
7979
try {
8080
$sessionCredentials = $this->credentialsStore->getLoginCredentials();
8181

82+
if ($sessionCredentials->getUID() !== $user->getUID()) {
83+
// Can't take the credentials from the session as they are not the same user
84+
throw new CredentialsUnavailableException();
85+
}
86+
8287
$credentials = [
8388
'user' => $sessionCredentials->getLoginName(),
8489
'password' => $sessionCredentials->getPassword()

apps/files_external/lib/Listener/StorePasswordListener.php

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -51,10 +51,14 @@ public function handle(Event $event): void {
5151
}
5252

5353
$stored = $this->credentialsManager->retrieve($event->getUser()->getUID(), LoginCredentials::CREDENTIALS_IDENTIFIER);
54+
$update = isset($stored['password']) && $stored['password'] !== $event->getPassword();
55+
if (!$update && $event instanceof UserLoggedInEvent) {
56+
$update = isset($stored['user']) && $stored['user'] !== $event->getLoginName();
57+
}
5458

55-
if ($stored && $stored['password'] !== $event->getPassword()) {
59+
if ($stored && $update) {
5660
$credentials = [
57-
'user' => $stored['user'],
61+
'user' => $event->getLoginName(),
5862
'password' => $event->getPassword()
5963
];
6064

lib/private/Server.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -569,7 +569,7 @@ public function __construct($webRoot, \OC\Config $config) {
569569

570570
/** @var IEventDispatcher $dispatcher */
571571
$dispatcher = $this->query(IEventDispatcher::class);
572-
$dispatcher->dispatchTyped(new UserLoggedInEvent($user, $password, $isTokenLogin));
572+
$dispatcher->dispatchTyped(new UserLoggedInEvent($user, $loginName, $password, $isTokenLogin));
573573
});
574574
$userSession->listen('\OC\User', 'preRememberedLogin', function ($uid) {
575575
/** @var IEventDispatcher $dispatcher */

lib/public/User/Events/UserLoggedInEvent.php

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,14 +43,18 @@ class UserLoggedInEvent extends Event {
4343
/** @var bool */
4444
private $isTokenLogin;
4545

46+
/** @var string */
47+
private $loginName;
48+
4649
/**
4750
* @since 18.0.0
4851
*/
49-
public function __construct(IUser $user, string $password, bool $isTokenLogin) {
52+
public function __construct(IUser $user, string $loginName, string $password, bool $isTokenLogin) {
5053
parent::__construct();
5154
$this->user = $user;
5255
$this->password = $password;
5356
$this->isTokenLogin = $isTokenLogin;
57+
$this->loginName = $loginName;
5458
}
5559

5660
/**
@@ -60,6 +64,13 @@ public function getUser(): IUser {
6064
return $this->user;
6165
}
6266

67+
/**
68+
* @since 21.0.0
69+
*/
70+
public function getLoginName(): string {
71+
return $this->loginName;
72+
}
73+
6374
/**
6475
* @since 18.0.0
6576
*/

0 commit comments

Comments
 (0)