authorChristoph Wurst <christoph@owncloud.com>2016-05-08 19:31:42 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2016-05-11 13:36:46 +0200
commit69dafd727dc848e3be541ae15bd88d01037cfab0 (patch)
tree31b717a904e28969091b881316b267babd27c0c8 /lib/private/Authentication/Token/DefaultTokenProvider.php
parentaf707fba41634b70115d47de86efe2ce2bf3d3b6 (diff)
delete the token in case an exception is thrown when decrypting the password
Diffstat (limited to 'lib/private/Authentication/Token/DefaultTokenProvider.php')
-rw-r--r--lib/private/Authentication/Token/DefaultTokenProvider.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index 53ecb562a8d..a6641277cf9 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -22,6 +22,7 @@
namespace OC\Authentication\Token;
+use Exception;
use OC\Authentication\Exceptions\InvalidTokenException;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -192,7 +193,13 @@ class DefaultTokenProvider implements IProvider {
*/
private function decryptPassword($password, $token) {
$secret = $this->config->getSystemValue('secret');
- return $this->crypto->decrypt($password, $token . $secret);
+ try {
+ return $this->crypto->decrypt($password, $token . $secret);
+ } catch (Exception $ex) {
+ // Delete the invalid token
+ $this->invalidateToken($token);
+ throw new InvalidTokenException();
+ }
}
}
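Review bot: The new `catch (Exception $ex)` in `decryptPassword()` deletes the token on any exception from `decrypt()`, not only on a failed integrity check, and then discards `$ex`. If the `secret` read on the line above the `try` is ever empty or changed (a config problem or a rotation, say), each token presented would be invalidated with nothing recorded about why. Consider chaining the cause, `throw new InvalidTokenException('password decryption failed', 0, $ex);` (assuming the class keeps the standard Exception constructor, which the hunk does not show), and logging the failure if this class has a logger, since a stored password that no longer decrypts is worth an audit trail. `invalidateToken()` can presumably throw from inside the catch as well, which would hand callers a different exception type than the one they expect; its body is outside the hunk.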