diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-08-31 19:45:40 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-09-03 21:13:36 +0200 |
| commit | 0452877a67d7679b427e54463c8d7f704d11aa6b (patch) | |
| tree | 4b191331838535ffa996e214413a0a4f47795bde /lib/private/Authentication/Token | |
| parent | 5826b75c4025529805135595da46d63c7d46560f (diff) | |
| download | nextcloud-server-0452877a67d7679b427e54463c8d7f704d11aa6b.tar.gz nextcloud-server-0452877a67d7679b427e54463c8d7f704d11aa6b.zip | |
Fix app password updating out of bounds
When your password changes out of bounds your Nextcloud tokens will
become invalid. There is no real way around that. However we should make
sure that if you successfully log in again your passwords are all
updates
* Added event listener to the PostLoggedInEvent so that we can act on it
- Only if it is not a token login
* Make sure that we actually reset the invalid state when we update a
token. Else it keeps being marked invalid and thus not used.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/Authentication/Token')
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 654bf4a8e8b..cd2fca5dec8 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -420,6 +420,7 @@ class PublicKeyTokenProvider implements IProvider { foreach ($tokens as $t) { $publicKey = $t->getPublicKey(); $t->setPassword($this->encryptPassword($password, $publicKey)); + $t->setPasswordInvalid(false); $this->updateToken($t); } } |