fix: Use login name to check the password

Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-04-02 15:50:05 +07:00 · 2025-04-02 15:50:05 +07:00 · 81e70c99cb
parent ff9538302b
commit 81e70c99cb
1 changed files with 2 additions and 1 deletions
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@ -80,7 +80,8 @@ class PasswordConfirmationMiddleware extends Middleware {
 		if ($this->isPasswordConfirmationStrict($reflectionMethod)) {
 			$authHeader = $this->request->getHeader('Authorization');
 			[, $password] = explode(':', base64_decode(substr($authHeader, 6)), 2);
-			$loginResult = $this->userManager->checkPassword($user->getUid(), $password);
+			$loginName = $this->session->get('loginname');
+			$loginResult = $this->userManager->checkPassword($loginName, $password);
 			if ($loginResult === false) {
 				throw new NotConfirmedException();
 			}