diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-06 08:30:52 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-06 08:30:52 +0200 |
| commit | be2d8cc4e9b6f0aac2e0c8f82e8635dbbce2a51d (patch) | |
| tree | 5617120038633e6dff803b67768c4b3d5bff30d9 /core/Controller | |
| parent | f778da90932c3d6bc370e0016bbc41a36035c653 (diff) | |
| download | nextcloud-server-be2d8cc4e9b6f0aac2e0c8f82e8635dbbce2a51d.tar.gz nextcloud-server-be2d8cc4e9b6f0aac2e0c8f82e8635dbbce2a51d.zip | |
Do not invalidate main token on OAuth
Fixes #10584
We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.
However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:
1. You are already logged in, no need to log you out
2. You are not logged in yet, but since you log in into the exact same
browser the expected behavior is to stay logged in.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Controller')
| -rw-r--r-- | core/Controller/ClientFlowLoginController.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index c3b88f752db..088a6a98699 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -366,10 +366,10 @@ class ClientFlowLoginController extends Controller { $serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix; $redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token); - } - // Clear the token from the login here - $this->tokenProvider->invalidateToken($sessionId); + // Clear the token from the login here + $this->tokenProvider->invalidateToken($sessionId); + } return new Http\RedirectResponse($redirectUri); } |