From 49e992c1da2e4c239e7078eca87bc07eb998bc1c Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Sun, 21 Oct 2018 14:34:29 +0200
Subject: [PATCH] Expired PK tokens should not fall back to legacy tokens

Fixes #11919

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/Authentication/Token/Manager.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 254a1598943..3cf48e868b6 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -138,6 +138,8 @@ class Manager implements IProvider {
 	public function getTokenById(int $tokenId): IToken {
 		try {
 			return $this->publicKeyTokenProvider->getTokenById($tokenId);
+		} catch (ExpiredTokenException $e) {
+			throw $e;
 		} catch (InvalidTokenException $e) {
 			return $this->defaultTokenProvider->getTokenById($tokenId);
 		}
-- 
2.39.5