]> source.dussan.org Git - nextcloud-server.git/commit
projects / nextcloud-server.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c35d82a) | patch
Fix login loop if login CSRF fails and user is not logged in 35419/head
authorChristoph Wurst <christoph@winzerhof-wurst.at>
Fri, 25 Nov 2022 08:22:28 +0000 (09:22 +0100)
committerChristoph Wurst <christoph@winzerhof-wurst.at>
Wed, 18 Jan 2023 08:39:17 +0000 (09:39 +0100)
commitf22101d4213768066d3dcbde81898dd64ce46445
treeed130101816b88e7fca5e75b0888d7b8902944b2tree | snapshot
parentc35d82aece11027bf0a4cc246b249ac2f137f025commit | diff
Fix login loop if login CSRF fails and user is not logged in

If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
core/Controller/LoginController.php diff | blob | history
tests/Core/Controller/LoginControllerTest.php diff | blob | history
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server