delete oauth access token when receiving a code that has expired

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
author: Julien Veyssier <julien-nc@posteo.net> 2023-08-29 12:13:25 +0200
committer: Julien Veyssier <julien-nc@posteo.net> 2023-10-05 14:24:02 +0200
commit: 779e1d51ac1d50c5625a1cc403d732d74b364ccf (patch)
tree: 415fd6a2fa3a3c53391746c8d5f00f197a4b734f /apps
parent: 1ab45bad5d20a62161448c29eb1c3282c1813649 (diff)
download: nextcloud-server-779e1d51ac1d50c5625a1cc403d732d74b364ccf.tar.gz
nextcloud-server-779e1d51ac1d50c5625a1cc403d732d74b364ccf.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index d1eda92b228..ecf0062918b 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -128,6 +128,9 @@ class OauthApiController extends Controller {
 			$now = $this->timeFactory->now()->getTimestamp();
 			$tokenCreatedAt = $accessToken->getCreatedAt();
 			if ($tokenCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
+				// we know this token is not useful anymore
+				$this->accessTokenMapper->delete($accessToken);
+
 				$response = new JSONResponse([
 					'error' => 'invalid_request',
 				], Http::STATUS_BAD_REQUEST);
author	Julien Veyssier <julien-nc@posteo.net>	2023-08-29 12:13:25 +0200
committer	Julien Veyssier <julien-nc@posteo.net>	2023-10-05 14:24:02 +0200
commit	779e1d51ac1d50c5625a1cc403d732d74b364ccf (patch)
tree	415fd6a2fa3a3c53391746c8d5f00f197a4b734f /apps
parent	1ab45bad5d20a62161448c29eb1c3282c1813649 (diff)
download	nextcloud-server-779e1d51ac1d50c5625a1cc403d732d74b364ccf.tar.gz nextcloud-server-779e1d51ac1d50c5625a1cc403d732d74b364ccf.zip