authorRoeland Jago Douma <roeland@famdouma.nl>2017-04-25 09:51:00 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2017-04-25 20:18:49 +0200
commitbb5e5efa6d76d577d6657326f60daab7544054f4 (patch)
tree12cfee15f44f1eb0dc06a29ca0049979b684db4c
parent05e1092c44196d840d02657f54c15e91bf3b0622 (diff)
downloadnextcloud-server-bb5e5efa6d76d577d6657326f60daab7544054f4.tar.gz
nextcloud-server-bb5e5efa6d76d577d6657326f60daab7544054f4.zip
Do not remove the state token to early
We should check the stateToken before we remove it; otherwise the check will always fail. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r--core/Controller/ClientFlowLoginController.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 891910b8d09..f18af83a9c7 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -192,11 +192,13 @@ class ClientFlowLoginController extends Controller {
* @return Http\RedirectResponse|Response
*/
public function generateAppPassword($stateToken) {
- $this->session->remove(self::stateName);
if(!$this->isValidToken($stateToken)) {
+ $this->session->remove(self::stateName);
return $this->stateTokenForbiddenResponse();
}
+ $this->session->remove(self::stateName);
+
try {
$sessionId = $this->session->getId();
} catch (SessionNotAvailableException $ex) {