Merge pull request #357 from owncloud/advanced-password

Check session token

ajax/sessionController.php

@@ -23,6 +23,9 @@ class SessionController extends Controller{
 		try {
 			$token = Helper::getArrayValueByKey($args, 'token');
 			$file = File::getByShareToken($token);
+			if ($file->isPasswordProtected() && !$file->checkPassword('')){
+				throw new \Exception('Not authorized');
+			}
 			$session = Db\Session::start($uid, $file);
 			\OCP\JSON::success($session);
 		} catch (\Exception $e){

lib/file.php

@@ -95,7 +95,7 @@ class File {
 	public function isPasswordProtected(){
 		return $this->passwordProtected;
 	}
-	
+
 	public function checkPassword($password){
 		$shareId  = $this->getShareId();
 		if (!$this->isPasswordProtected()