author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-26 13:10:17 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-10-02 19:50:44 +0200 |
commit | 00e99af5863e40e89c012f3ce642802c891def4e (patch) | |
tree | fd3c6298541887f73caf0c88346135993f334383 /lib/private/User | |
parent | efef05396034eaf34614b39aef36056a65f6f452 (diff) | |
Mark token as invalid if the password doesn't match
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/User')
-rw-r--r-- | lib/private/User/Session.php | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 5593e178ca3..8ac42eac4eb 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -694,12 +694,19 @@ class Session implements IUserSession, Emitter {
 return true;
 }
 
- if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false
- || (!is_null($this->activeUser) && !$this->activeUser->isEnabled())) {
+ // Invalidate token if the user is no longer active
+ if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) {
 $this->tokenProvider->invalidateToken($token);
- // Password has changed or user was disabled -> log user out
 return false;
 }
+
+ // If the token password is no longer valid mark it as such
+ if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false) {
+ $this->tokenProvider->markPasswordInvalid($dbToken, $token);
+ // User is logged out
+ return false;
+ }
+
 $dbToken->setLastCheck($now);
 return true;
 } |
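Review bot: The password-mismatch branch now leaves the token row in place (`markPasswordInvalid($dbToken, $token)`) where the old code deleted it, and nothing in this hunk rejects an already-flagged token before `checkPassword()` runs again. Because `setLastCheck($now)` is skipped on failure, every later request carrying that token would presumably retry the stale password against the user backend, which can trip lockout or throttling on backends such as LDAP. The start of the method is outside the hunk, so the guard may already exist there or in the token provider; please confirm, and add a test that a flagged token is refused without a second backend check. The branch comment should also state the contract, for example `// Token is kept but flagged; it must be rejected before checkPassword() is reached again`.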