Merge pull request #38287 from nextcloud/session-auth-check-username-20

[20] check the username when doing external storage session auth

Author: icewind1991

apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php

@@ -31,6 +31,7 @@
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
 use OCP\Authentication\LoginCredentials\IStore as CredentialsStore;
 use OCP\Files\Storage;
+use OCP\Files\StorageAuthException;
 use OCP\IL10N;
 use OCP\IUser;
 
@@ -58,6 +59,10 @@ public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = n
 			throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved');
 		}
 
+		if ($credentials->getUID() !== $user->getUID()) {
+			throw new StorageAuthException('Session credentials for storage owner not available');
+		}
+
 		$storage->setBackendOption('user', $credentials->getLoginName());
 		$storage->setBackendOption('password', $credentials->getPassword());
 	}