diff options
Diffstat (limited to 'lib/private/User/Session.php')
| -rw-r--r-- | lib/private/User/Session.php | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 5593e178ca3..a9c638dca93 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -694,12 +694,19 @@ class Session implements IUserSession, Emitter { return true; } - if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false - || (!is_null($this->activeUser) && !$this->activeUser->isEnabled())) { + // Invalidate token if the user is no longer active + if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) { $this->tokenProvider->invalidateToken($token); - // Password has changed or user was disabled -> log user out return false; } + + // If the token password is no longer valid mark it as such + if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false) { + $this->tokenProvider->markPasswordInvalid($dbToken, $token); + // User is logged out + return false; + } + $dbToken->setLastCheck($now); return true; } @@ -943,5 +950,9 @@ class Session implements IUserSession, Emitter { } } + public function updateTokens(string $uid, string $password) { + $this->tokenProvider->updatePasswords($uid, $password); + } + } |