Update password confirmation middleware

If the userbackend doesn't allow validating the password for a given uid then there is no need to perform this check. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
nextcloud · Oct 11, 2018 · 9f6327b · 9f6327b
1 parent df97362
commit 9f6327b
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -29,6 +29,7 @@
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\ISession;
 use OCP\IUserSession;
+use OCP\User\Backend\IPasswordConfirmationBackend;
 
 class PasswordConfirmationMiddleware extends Middleware {
 	/** @var ControllerMethodReflector */
@@ -68,6 +69,13 @@ public function beforeController($controller, $methodName) {
 			$user = $this->userSession->getUser();
 			$backendClassName = '';
 			if ($user !== null) {
+				$backend = $user->getBackend();
+				if ($backend instanceof IPasswordConfirmationBackend) {
+					if (!$backend->canConfirmPassword($user->getUID())) {
+						return;
+					}
+				}
+
 				$backendClassName = $user->getBackendClassName();
 			}