summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2017-09-07 19:51:59 +0200
committerGitHub <noreply@github.com>2017-09-07 19:51:59 +0200
commitbab313da5d76dafcf7e0f8424d39b3d9669f126f (patch)
treebd18efa5a77c1dab33606e8a991940ed6da0b87d
parent3bd6b2a0b30e1ff7805ce8c86671e63e4ab18187 (diff)
parent87aeae21e33947c3116eb3070bb19bd892c6f46b (diff)
downloadnextcloud-server-bab313da5d76dafcf7e0f8424d39b3d9669f126f.tar.gz
nextcloud-server-bab313da5d76dafcf7e0f8424d39b3d9669f126f.zip
Merge pull request #6360 from nextcloud/fix/session-timeout-refresh-csrf-token
Fix failing csp/nonce check due to timed out session
-rw-r--r--lib/private/User/Session.php13
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 0291c1baecb..10a98b22bef 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -358,7 +358,7 @@ class Session implements IUserSession, Emitter {
}
$this->manager->emit('\OC\User', 'postLogin', [$user, $loginDetails['password']]);
if($this->isLoggedIn()) {
- $this->prepareUserLogin($firstTimeLogin);
+ $this->prepareUserLogin($firstTimeLogin, $regenerateSessionId);
return true;
} else {
$message = \OC::$server->getL10N('lib')->t('Login canceled by app');
@@ -468,10 +468,13 @@ class Session implements IUserSession, Emitter {
}
}
- protected function prepareUserLogin($firstTimeLogin) {
- // TODO: mock/inject/use non-static
- // Refresh the token
- \OC::$server->getCsrfTokenManager()->refreshToken();
+ protected function prepareUserLogin($firstTimeLogin, $refreshCsrfToken = true) {
+ if ($refreshCsrfToken) {
+ // TODO: mock/inject/use non-static
+ // Refresh the token
+ \OC::$server->getCsrfTokenManager()->refreshToken();
+ }
+
//we need to pass the user name, which may differ from login name
$user = $this->getUser()->getUID();
OC_Util::setupFS($user);