diff options
| author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2021-09-14 09:50:22 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-14 09:50:22 +0200 |
| commit | a994ef0c4fae63b40cc0bb4ace2766b75a22ff0b (patch) | |
| tree | b520161c350c2cb5d11dcf44ed8f6e6fe86271b0 /core | |
| parent | 58891a965537bc2865cf710c2c33655124b12940 (diff) | |
| parent | 6857136f06190acad26a4dfc541c9c688aa75014 (diff) | |
| download | nextcloud-server-a994ef0c4fae63b40cc0bb4ace2766b75a22ff0b.tar.gz nextcloud-server-a994ef0c4fae63b40cc0bb4ace2766b75a22ff0b.zip | |
Merge pull request #28792 from nextcloud/fix/noid/lost-password-missing-prefix
fixes missing prefix to validate password reset token
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/LostController.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php index cee3837ac5a..a8c459a32e1 100644 --- a/core/Controller/LostController.php +++ b/core/Controller/LostController.php @@ -172,7 +172,8 @@ class LostController extends Controller { */ protected function checkPasswordResetToken(string $token, string $userId): void { try { - $this->verificationToken->check($token, $this->userManager->get($userId), 'lostpassword', '', true); + $user = $this->userManager->get($userId); + $this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true); } catch (InvalidTokenException $e) { $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED ? $this->l10n->t('Could not reset password because the token is expired') |