From 3934f6a663b2185a695092652c2b8f008b1d587c Mon Sep 17 00:00:00 2001
From: Victor Dubiniuk
Date: Mon, 8 Sep 2014 22:05:31 +0300
Subject: [PATCH] Check session token
---
 ajax/sessionController.php | 3 +++
 lib/file.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ajax/sessionController.php b/ajax/sessionController.php
index 2d9820a5..69ff8067 100644
--- a/ajax/sessionController.php
+++ b/ajax/sessionController.php
@@ -23,6 +23,9 @@ class SessionController extends Controller{
 try {
 $token = Helper::getArrayValueByKey($args, 'token');
 $file = File::getByShareToken($token);
+ if ($file->isPasswordProtected() && !$file->checkPassword('')){
+ throw new \Exception('Not authorized');
+ }
 $session = Db\Session::start($uid, $file);
 \OCP\JSON::success($session);
 } catch (\Exception $e){
diff --git a/lib/file.php b/lib/file.php
index 16df11b5..24303102 100644
--- a/lib/file.php
+++ b/lib/file.php
@@ -95,7 +95,7 @@ class File {
 public function isPasswordProtected(){
 return $this->passwordProtected;
 }
-
+
 public function checkPassword($password){
 $shareId = $this->getShareId();
 if (!$this->isPasswordProtected()
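Review bot: The `checkPassword('')` call in the added guard of ajax/sessionController.php appears to use an empty password as a stand-in for "has this share already been unlocked in the current session", and nothing at the call site says so. The guard is only sound if `checkPassword` accepts an empty string solely because of an existing session authentication and never by matching the stored password; most of `checkPassword`'s body lies outside this diff, so that should be confirmed. I would add a comment above the guard such as `// Empty password: passes only if this share was already unlocked in the current session`. It would also help to log the rejection before the `throw`, so that refused session starts on protected shares are visible to operators. The enclosing method and the body of the `catch` handler are outside the hunk.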