diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-05-23 20:50:25 +0200 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2016-05-23 20:50:25 +0200 |
| commit | 4f6670d759c7840f774a69c42460107a8e1ebce4 (patch) | |
| tree | 59ba8d9ef6a67697911d9a33e0ba6abff8877822 /lib | |
| parent | 87fa86a69ae8df7aadcb882eb3a9a7f767e453a7 (diff) | |
| parent | c20cdc2213f99c6faa500e908b13fed8d0bbe5a1 (diff) | |
| download | nextcloud-server-4f6670d759c7840f774a69c42460107a8e1ebce4.tar.gz nextcloud-server-4f6670d759c7840f774a69c42460107a8e1ebce4.zip | |
Merge pull request #24658 from owncloud/invalidate-disabled-user-session
invalidate user session if the user was disabled
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/User/Session.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 8db4970aaf2..0862ef5f399 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -206,7 +206,7 @@ class Session implements IUserSession, Emitter { return; } - // Check whether login credentials are still valid + // Check whether login credentials are still valid and the user was not disabled // This check is performed each 5 minutes $lastCheck = $this->session->get('last_login_check') ? : 0; $now = $this->timeFacory->getTime(); @@ -219,8 +219,9 @@ class Session implements IUserSession, Emitter { return; } - if ($this->manager->checkPassword($user->getUID(), $pwd) === false) { - // Password has changed -> log user out + if ($this->manager->checkPassword($user->getUID(), $pwd) === false + || !$user->isEnabled()) { + // Password has changed or user was disabled -> log user out $this->logout(); return; } |