From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Mon, 18 Sep 2017 08:33:19 +0000 (+0200)
Subject: Fix duplicate session token after remembered login
X-Git-Tag: v12.0.5RC1~24^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=85c18f598069e033b11897fd43fae42eec2e9692;p=nextcloud-server.git

Fix duplicate session token after remembered login

On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---

diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index 6fd85295e03..f099aca9d99 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -195,6 +195,7 @@ class DefaultTokenProvider implements IProvider {
 		$newToken->setRemember($token->getRemember());
 		$newToken->setLastActivity($this->time->getTime());
 		$this->mapper->insert($newToken);
+		$this->mapper->delete($token);
 	}
 
 	/**
diff --git a/tests/lib/Authentication/Token/DefaultTokenProviderTest.php b/tests/lib/Authentication/Token/DefaultTokenProviderTest.php
index 2c8c2d7e196..96fdbaa176f 100644
--- a/tests/lib/Authentication/Token/DefaultTokenProviderTest.php
+++ b/tests/lib/Authentication/Token/DefaultTokenProviderTest.php
@@ -318,6 +318,10 @@ class DefaultTokenProviderTest extends TestCase {
 			->expects($this->at(1))
 			->method('insert')
 			->with($newToken);
+		$this->mapper
+			->expects($this->at(2))
+			->method('delete')
+			->with($token);
 
 		$this->tokenProvider->renewSessionToken('oldId', 'newId');
 	}
@@ -384,6 +388,10 @@ class DefaultTokenProviderTest extends TestCase {
 			->expects($this->at(1))
 			->method('insert')
 			->with($this->equalTo($newToken));
+		$this->mapper
+			->expects($this->at(2))
+			->method('delete')
+			->with($token);
 
 		$this->tokenProvider->renewSessionToken('oldId', 'newId');
 	}