author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-01-28 16:12:06 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-01-29 13:08:56 +0100 |
commit | ac8a6e22448cd4077e73b68731764bd60775665a (patch) | |
tree | b1702be7456cc7e5765eafebbc02fac6ff639752 /core/Controller/LostController.php | |
parent | 8d52a3ac4a9f13c7ff7197b80ba055f37ac575d3 (diff) | |
Clean pending 2FA authentication on password reset
When a password is reset we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.
The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Controller/LostController.php')
-rw-r--r-- | core/Controller/LostController.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index ed802aca582..96018555ec3 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -31,6 +31,7 @@
 namespace OC\Core\Controller;
+use OC\Authentication\TwoFactorAuth\Manager;
 use OC\HintException;
 use \OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\JSONResponse;
@@ -58,7 +59,6 @@ use OCP\Security\ISecureRandom;
 * @package OC\Core\Controller
 */
 class LostController extends Controller {
-
 /** @var IURLGenerator */
 protected $urlGenerator;
 /** @var IUserManager */
@@ -83,6 +83,8 @@ class LostController extends Controller {
 protected $crypto;
 /** @var ILogger */
 private $logger;
+ /** @var Manager */
+ private $twoFactorManager;
 /**
 * @param string $appName
@@ -112,7 +114,8 @@ class LostController extends Controller {
 IMailer $mailer,
 ITimeFactory $timeFactory,
 ICrypto $crypto,
- ILogger $logger) {
+ ILogger $logger,
+ Manager $twoFactorManager) {
 parent::__construct($appName, $request);
 $this->urlGenerator = $urlGenerator;
 $this->userManager = $userManager;
@@ -126,6 +129,7 @@ class LostController extends Controller {
 $this->timeFactory = $timeFactory;
 $this->crypto = $crypto;
 $this->logger = $logger;
+ $this->twoFactorManager = $twoFactorManager;
 }
 /**
@@ -290,6 +294,8 @@ class LostController extends Controller {
 \OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'post_passwordReset', array('uid' => $userId, 'password' => $password));
+ $this->twoFactorManager->clearTwoFactorPending($userId);
+
 $this->config->deleteUserValue($userId, 'core', 'lostpassword');
 @\OC::$server->getUserSession()->unsetMagicInCookie();
 } catch (HintException $e){ |
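Review bot: The constructor docblock is not extended for the new `Manager $twoFactorManager` parameter added in the `-112,7 +114,8` hunk; the eight insertions reported in the diffstat are all accounted for by the visible `+` lines and none of them is a `@param` line. Add `@param Manager $twoFactorManager` at the end of the parameter list in that docblock, which opens in the previous hunk and continues outside the visible lines, so its exact layout is assumed. The type hint also ties the controller to the concrete `OC\Authentication\TwoFactorAuth\Manager` class rather than an interface, which is worth stating in the docblock because tests have to mock that class directly.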
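Review bot: In the last hunk the new `clearTwoFactorPending($userId)` call runs before `deleteUserValue($userId, 'core', 'lostpassword')`, so if the 2FA cleanup throws, the one-time reset token stays stored even though the password has presumably already been changed (the hook name `post_passwordReset` suggests so; the password change itself is outside the hunk). Only the `HintException` catch is visible and the rest of the try/catch lies outside the hunk, so how such a failure is handled cannot be confirmed from this page. Consider invalidating the reset token first, i.e. `$this->config->deleteUserValue($userId, 'core', 'lostpassword');` followed by `$this->twoFactorManager->clearTwoFactorPending($userId);`. The commit message states that a pending session is only killed at the next token check (within 5 minutes); a short comment above the call such as `// Pending 2FA sessions end at the next token check, not immediately` would keep readers from assuming instant invalidation.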