summaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication/Token/DefaultTokenProvider.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Authentication/Token/DefaultTokenProvider.php')
-rw-r--r--lib/private/Authentication/Token/DefaultTokenProvider.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index 53ecb562a8d..a6641277cf9 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -22,6 +22,7 @@
namespace OC\Authentication\Token;
+use Exception;
use OC\Authentication\Exceptions\InvalidTokenException;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -192,7 +193,13 @@ class DefaultTokenProvider implements IProvider {
*/
private function decryptPassword($password, $token) {
$secret = $this->config->getSystemValue('secret');
- return $this->crypto->decrypt($password, $token . $secret);
+ try {
+ return $this->crypto->decrypt($password, $token . $secret);
+ } catch (Exception $ex) {
+ // Delete the invalid token
+ $this->invalidateToken($token);
+ throw new InvalidTokenException();
+ }
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-05 01:18:02 +0000