author | Lukas Reschke <lukas@statuscode.ch> | 2017-09-07 19:51:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-07 19:51:59 +0200 |
commit | bab313da5d76dafcf7e0f8424d39b3d9669f126f (patch) | |
tree | bd18efa5a77c1dab33606e8a991940ed6da0b87d | |
parent | 3bd6b2a0b30e1ff7805ce8c86671e63e4ab18187 (diff) | |
parent | 87aeae21e33947c3116eb3070bb19bd892c6f46b (diff) | |
download | nextcloud-server-bab313da5d76dafcf7e0f8424d39b3d9669f126f.tar.gz nextcloud-server-bab313da5d76dafcf7e0f8424d39b3d9669f126f.zip |
Merge pull request #6360 from nextcloud/fix/session-timeout-refresh-csrf-token
Fix failing csp/nonce check due to timed out session
-rw-r--r-- | lib/private/User/Session.php | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 0291c1baecb..10a98b22bef 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -358,7 +358,7 @@ class Session implements IUserSession, Emitter {
 }
 $this->manager->emit('\OC\User', 'postLogin', [$user, $loginDetails['password']]);
 if($this->isLoggedIn()) {
- $this->prepareUserLogin($firstTimeLogin);
+ $this->prepareUserLogin($firstTimeLogin, $regenerateSessionId);
 return true;
 } else {
 $message = \OC::$server->getL10N('lib')->t('Login canceled by app');
@@ -468,10 +468,13 @@ class Session implements IUserSession, Emitter {
 }
 }
- protected function prepareUserLogin($firstTimeLogin) {
- // TODO: mock/inject/use non-static
- // Refresh the token
- \OC::$server->getCsrfTokenManager()->refreshToken();
+ protected function prepareUserLogin($firstTimeLogin, $refreshCsrfToken = true) {
+ if ($refreshCsrfToken) {
+ // TODO: mock/inject/use non-static
+ // Refresh the token
+ \OC::$server->getCsrfTokenManager()->refreshToken();
+ }
+
 //we need to pass the user name, which may differ from login name
 $user = $this->getUser()->getUID();
 OC_Util::setupFS($user); |
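Review bot: The call in the first hunk passes `$regenerateSessionId` into a parameter that the second hunk names `$refreshCsrfToken`, so whether the CSRF token is rotated at login now depends on a flag with a different meaning, and nothing on `prepareUserLogin()` records that coupling. Any login path that reaches this call with `$regenerateSessionId` false keeps the pre-login CSRF token valid after authentication; given the commit title that looks intended, but it is a security-relevant invariant and should be written down. I would add a docblock on the method, e.g. `@param bool $refreshCsrfToken pass false only when the session id is kept, so tokens already rendered into open pages stay valid`, and a one-line comment at the call site explaining why the two flags travel together. `$regenerateSessionId` is defined outside the hunk and both enclosing functions continue past it, so the callers that can pass false should be checked there.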