Remember me is not an app_password

While technically they are stored the same. This session variable is used to indicate that a user is using an app password to authenticate. Like from a client. Or when having it generated automatically. Signed-off-by: Roeland Jago Douma <[email protected]>
nextcloud · rullzer · Dec 7, 2020 · Dec 4, 2020 · Dec 4, 2020 · Dec 4, 2020
commit 7dbb6ea7ba4e5e888eaba897602ae9762947dcb6
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
@@ -825,8 +825,18 @@ public function tryTokenLogin(IRequest $request) {
 			return false;
 		}
 
-		// Set the session variable so we know this is an app password
-		$this->session->set('app_password', $token);
+		try {
+			$dbToken = $this->tokenProvider->getToken($token);
+		} catch (InvalidTokenException $e) {
+			// Can't relaly happen but better save than sorry
+			return true;
+		}
+
+		// Remember me tokens are not app_passwords
+		if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+			// Set the session variable so we know this is an app password
+			$this->session->set('app_password', $token);
+		}
 
 		return true;
 	}