Skip to content

Harden apptoken check #27000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rullzer merged 1 commit into from
May 18, 2021
Merged

Harden apptoken check #27000

rullzer merged 1 commit into from
May 18, 2021

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented May 17, 2021

Signed-off-by: Roeland Jago Douma [email protected]

@rullzer rullzer added the 2. developing Work in progress label May 17, 2021
@rullzer rullzer added this to the Nextcloud 22 milestone May 17, 2021
@rullzer rullzer force-pushed the enh/apptoken/check_apptoken branch from 0bcb1ae to 4a2775a Compare May 17, 2021 14:04
@rullzer
Harden apptoken check
4a2775a 
Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer rullzer added 3. to review Waiting for reviews and removed 2. developing Work in progress labels May 18, 2021
nickvergessen
nickvergessen approved these changes May 18, 2021
View reviewed changes
Copy link
Member

@nickvergessen nickvergessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good enough for now

@rullzer rullzer merged commit e008b79 into master May 18, 2021
@rullzer rullzer deleted the enh/apptoken/check_apptoken branch May 18, 2021 07:28
@rullzer
Copy link
Member Author

rullzer commented May 18, 2021

/backport to stable21

@rullzer
Copy link
Member Author

rullzer commented May 18, 2021

/backport to stable20

@rullzer
Copy link
Member Author

rullzer commented May 18, 2021

/backport to stable19

@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented May 18, 2021

The backport to stable21 failed. Please do this backport manually.

@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented May 18, 2021

The backport to stable19 failed. Please do this backport manually.

@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented May 18, 2021

The backport to stable20 failed. Please do this backport manually.

@rullzer
Copy link
Member Author

rullzer commented May 18, 2021

/backport to stable21

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request May 18, 2021
Merged
@rullzer
Copy link
Member Author

rullzer commented May 18, 2021

/backport to stable20

@rullzer
Copy link
Member Author

rullzer commented May 18, 2021

/backport to stable19

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request May 18, 2021
Merged
@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request May 18, 2021
Merged
@dublutz
Copy link

dublutz commented Jul 6, 2021

Hi guys, thank you for your work on this one.
I guess I'm missing the context but why do you return Http::STATUS_BAD_REQUEST status code when the $this->checkAppToken() returns TRUE. This means that the session exists, right? Thanks for clarifying!

@nickvergessen
Copy link
Member

nickvergessen commented Jul 7, 2021

When the request is done by an apptoken it is not allowed to manage app tokens. Otherwise an app token could create another app token. This is not wanted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@LukasReschke LukasReschke LukasReschke approved these changes

@MorrisJobke MorrisJobke Awaiting requested review from MorrisJobke

Assignees

No one assigned

Labels

3. to review Waiting for reviews

Projects

None yet

Milestone

Nextcloud 22

Development

Successfully merging this pull request may close these issues.

5 participants

@rullzer @dublutz @nickvergessen @LukasReschke