author | Roeland Jago Douma <roeland@famdouma.nl> | 2017-04-25 09:51:00 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2017-04-25 20:18:49 +0200 |
commit | bb5e5efa6d76d577d6657326f60daab7544054f4 (patch) | |
tree | 12cfee15f44f1eb0dc06a29ca0049979b684db4c | |
parent | 05e1092c44196d840d02657f54c15e91bf3b0622 (diff) | |
download | nextcloud-server-bb5e5efa6d76d577d6657326f60daab7544054f4.tar.gz nextcloud-server-bb5e5efa6d76d577d6657326f60daab7544054f4.zip |
Do not remove the state token too early
We should check the stateToken before we remove it; otherwise the check will
always fail.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r-- | core/Controller/ClientFlowLoginController.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 891910b8d09..f18af83a9c7 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -192,11 +192,13 @@ class ClientFlowLoginController extends Controller {
 * @return Http\RedirectResponse|Response
 */
 public function generateAppPassword($stateToken) {
- $this->session->remove(self::stateName);
 if(!$this->isValidToken($stateToken)) {
+ $this->session->remove(self::stateName);
 return $this->stateTokenForbiddenResponse();
 }
+ $this->session->remove(self::stateName);
+
 try {
 $sessionId = $this->session->getId();
 } catch (SessionNotAvailableException $ex) { |
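Review bot: The one-time invalidation of the state token is now written twice in `generateAppPassword`, once inside the rejection branch and once after it, so an early return added later between the check and the second call could leave a still-valid token in the session. Evaluating first and consuming once keeps that invariant in a single place: `$valid = $this->isValidToken($stateToken);` then `$this->session->remove(self::stateName);` then `if (!$valid) { return $this->stateTokenForbiddenResponse(); }`. The diffstat shows only the controller changed, so a test asserting that a matching token is accepted and that the session entry is gone after both the accepted and the rejected path would pin this regression. The function body continues past the end of the hunk, so the later return paths are not visible here.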