From d5eee7d5416da482161bac95cd84abc943917d8d Mon Sep 17 00:00:00 2001
From: Julien Veyssier
Date: Tue, 16 Nov 2021 11:39:40 +0100
Subject: [PATCH] set 'app_password' session value only when using a permanent token
Signed-off-by: Julien Veyssier
---
 lib/private/Authentication/Token/DefaultToken.php | 5 ++++-
 lib/private/Authentication/Token/IToken.php | 7 +++++++
 lib/private/Authentication/Token/PublicKeyToken.php | 5 ++++-
 lib/private/User/Session.php | 3 +--
 4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/lib/private/Authentication/Token/DefaultToken.php b/lib/private/Authentication/Token/DefaultToken.php
index 5a008586a9018..60abea0396487 100644
--- a/lib/private/Authentication/Token/DefaultToken.php
+++ b/lib/private/Authentication/Token/DefaultToken.php
@@ -35,7 +35,6 @@
 * @method void setLoginName(string $loginname)
 * @method string getToken()
 * @method void setType(int $type)
- * @method int getType()
 * @method void setRemember(int $remember)
 * @method void setLastActivity(int $lastactivity)
 * @method int getLastActivity()
@@ -188,6 +187,10 @@ public function getRemember(): int {
 return parent::getRemember();
 }

+ public function getType(): int {
+ return parent::getType();
+ }
+
 public function setToken(string $token) {
 parent::setToken($token);
 }
diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php
index 5ca4eaea84372..9a96e0ec23890 100644
--- a/lib/private/Authentication/Token/IToken.php
+++ b/lib/private/Authentication/Token/IToken.php
@@ -111,6 +111,13 @@ public function getName(): string;
 */
 public function getRemember(): int;

+ /**
+ * Get the token type
+ *
+ * @return int
+ */
+ public function getType(): int;
+
 /**
 * Set the token
 *
diff --git a/lib/private/Authentication/Token/PublicKeyToken.php b/lib/private/Authentication/Token/PublicKeyToken.php
index 3351c767ce3bc..16a80193e8474 100644
--- a/lib/private/Authentication/Token/PublicKeyToken.php
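Review bot: The explicit `getType(): int` wrapper added in the second DefaultToken.php hunk (and the identical one in PublicKeyToken.php) enforces an int return on a value that still comes from the magic `parent::getType()` accessor, which the removed `@method int getType()` line only documented. If a token object can be read before its type has been set, the wrapper now raises a TypeError on the login path where the magic accessor would have returned the raw value; neither the property default nor its type registration is visible in this diff, so that should be confirmed. A short docblock stating the assumption would help, for example `/** Token type as stored; compared strictly against the IToken type constants, so it must always be an int. */`. The class body starts and ends outside the hunk.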
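Review bot: The new `getType()` docblock in IToken.php says only `@return int`, although Session.php now makes an authentication-state decision by comparing the result strictly against `IToken::PERMANENT_TOKEN`. The contract should name the allowed values, e.g. `@return int one of the token type constants declared on this interface, such as IToken::PERMANENT_TOKEN`. Adding a method to the interface also obliges every implementor to provide it; the two token classes in this commit do, and any implementor outside this diff would need the same.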
+++ b/lib/private/Authentication/Token/PublicKeyToken.php
@@ -35,7 +35,6 @@
 * @method void setLoginName(string $loginname)
 * @method string getToken()
 * @method void setType(int $type)
- * @method int getType()
 * @method void setRemember(int $remember)
 * @method void setLastActivity(int $lastactivity)
 * @method int getLastActivity()
@@ -201,6 +200,10 @@ public function setName(string $name): void {
 parent::setName($name);
 }

+ public function getType(): int {
+ return parent::getType();
+ }
+
 public function getRemember(): int {
 return parent::getRemember();
 }
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 710cba84879af..89e7b6018cf82 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -847,8 +847,7 @@ public function tryTokenLogin(IRequest $request) {
 return true;
 }

- // Remember me tokens are not app_passwords
- if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) {
+ if ($dbToken->getType() === IToken::PERMANENT_TOKEN) {
 // Set the session variable so we know this is an app password
 $this->session->set('app_password', $token);
 }
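Review bot: The rewritten guard `if ($dbToken->getType() === IToken::PERMANENT_TOKEN)` in Session.php drops the comment that explained why the check exists, and nothing in this commit pins the new behaviour with a test. Under the old condition any token with `DO_NOT_REMEMBER` had `app_password` written to the session, which judging by the retained comment marks the session as app-password authenticated; the new code stops that for non-permanent tokens. A regression test that logs in with a non-permanent, non-remembered token and asserts the session key is absent would keep the old behaviour from coming back unnoticed. I would also restore a why-comment above the condition, e.g. `// Only permanent tokens are app passwords; temporary session tokens must never set 'app_password'`. tryTokenLogin() starts and ends outside the hunk.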