authorChristoph Wurst <christoph@owncloud.com>2016-05-08 19:31:42 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2016-05-11 13:36:46 +0200
commit69dafd727dc848e3be541ae15bd88d01037cfab0 (patch)
tree31b717a904e28969091b881316b267babd27c0c8 /lib
parentaf707fba41634b70115d47de86efe2ce2bf3d3b6 (diff)
delete the token in case an exception is thrown when decrypting the password
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Authentication/Token/DefaultTokenProvider.php9
-rw-r--r--lib/private/User/Session.php14
2 files changed, 18 insertions, 5 deletions
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index 53ecb562a8d..a6641277cf9 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -22,6 +22,7 @@
namespace OC\Authentication\Token;
+use Exception;
use OC\Authentication\Exceptions\InvalidTokenException;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -192,7 +193,13 @@ class DefaultTokenProvider implements IProvider {
*/
private function decryptPassword($password, $token) {
$secret = $this->config->getSystemValue('secret');
- return $this->crypto->decrypt($password, $token . $secret);
+ try {
+ return $this->crypto->decrypt($password, $token . $secret);
+ } catch (Exception $ex) {
+ // Delete the invalid token
+ $this->invalidateToken($token);
+ throw new InvalidTokenException();
+ }
}
}
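Review bot: The catch block in decryptPassword discards the original exception and rethrows a bare InvalidTokenException, so the reason the token was dropped (undecryptable/tampered ciphertext versus a changed instance `secret` versus some other failure inside decrypt) is lost to both callers and logs; chaining it keeps that context, e.g. `throw new InvalidTokenException('Could not decrypt token password', 0, $ex);`, assuming InvalidTokenException keeps the standard Exception constructor. Catching the generic `Exception` also means any failure raised from `$this->crypto->decrypt()` deletes the token, which is broader than the commit message describes if the crypto layer can throw for reasons other than invalid input; narrowing the catch to the type decrypt() actually throws on bad data would avoid destroying a valid token on a transient error. Either way the comment should state the decision, e.g. `// The stored password cannot be decrypted (tampered, or the instance secret changed): the token is unusable, so remove it and report it as invalid`.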
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 0351125b5d9..0b0d298db24 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -69,10 +69,10 @@ use OCP\Session\Exceptions\SessionNotAvailableException;
* @package OC\User
*/
class Session implements IUserSession, Emitter {
-
/*
* @var Manager $manager
*/
+
private $manager;
/*
@@ -107,8 +107,7 @@ class Session implements IUserSession, Emitter {
* @param IProvider $tokenProvider
* @param IProvider[] $tokenProviders
*/
- public function __construct(IUserManager $manager, ISession $session, ITimeFactory $timeFacory, $tokenProvider,
- array $tokenProviders = []) {
+ public function __construct(IUserManager $manager, ISession $session, ITimeFactory $timeFacory, $tokenProvider, array $tokenProviders = []) {
$this->manager = $manager;
$this->session = $session;
$this->timeFacory = $timeFacory;
@@ -230,7 +229,14 @@ class Session implements IUserSession, Emitter {
$lastCheck = $this->session->get('last_login_check') ? : 0;
$now = $this->timeFacory->getTime();
if ($lastCheck < ($now - 60 * 5)) {
- $pwd = $this->tokenProvider->getPassword($token, $sessionId);
+ try {
+ $pwd = $this->tokenProvider->getPassword($token, $sessionId);
+ } catch (InvalidTokenException $ex) {
+ // An invalid token password was used -> log user out
+ $this->logout();
+ return;
+ }
+
if ($this->manager->checkPassword($user->getUID(), $pwd) === false) {
// Password has changed -> log user out
$this->logout();
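Review bot: The new catch branch calls logout() without recording why, so a session ended because its token password could no longer be decrypted looks in the logs exactly like an ordinary logout, which hides both a misconfiguration (a changed instance secret invalidating every stored token at once) and tampering. If a logger is reachable from Session, a one-line warning naming the affected user before `$this->logout();` would make this detectable. The enclosing method starts before and continues after this hunk; the early `return` assumes nothing else on that path needs to run after logout(), which is worth confirming against the rest of the method. The comment could also say what happened rather than echo the exception name: `// Token password could not be decrypted (provider already dropped the token) -> log user out`.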