Diffstat (limited to 'lib/private/User')
-rw-r--r--lib/private/User/Session.php34
1 files changed, 24 insertions, 10 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 976a2627735..7fac36626e2 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -37,6 +37,7 @@ use OC;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\DefaultTokenProvider;
use OC\Authentication\Token\IProvider;
+use OC\Authentication\Token\IToken;
use OC\Hooks\Emitter;
use OC_User;
use OCA\DAV\Connector\Sabre\Auth;
@@ -218,12 +219,7 @@ class Session implements IUserSession, Emitter {
}
// Session is valid, so the token can be refreshed
- // To save unnecessary DB queries, this is only done once a minute
- $lastTokenUpdate = $this->session->get('last_token_update') ? : 0;
- if ($lastTokenUpdate < (time () - 60)) {
- $this->tokenProvider->updateToken($token);
- $this->session->set('last_token_update', time());
- }
+ $this->updateToken($this->tokenProvider, $token);
return true;
}
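Review bot: The new helper is declared as `updateToken(IProvider $provider, IToken $token)`, so the call `$this->updateToken($this->tokenProvider, $token);` only works if `$token` is an `IToken` at this point. It is assigned above the hunk, and the old code passed it to `$this->tokenProvider->updateToken($token)` with no type constraint visible here. Confirm that it is no longer the raw session ID string, because the type hint is checked on every call, before the once-a-minute throttle is evaluated.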
@@ -311,6 +307,7 @@ class Session implements IUserSession, Emitter {
/**
* Tries to login the user with HTTP Basic Authentication
+ * @return boolean if the login was successful
*/
public function tryBasicAuthLogin() {
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
@@ -327,7 +324,9 @@ class Session implements IUserSession, Emitter {
Auth::DAV_AUTHENTICATED, $this->getUser()->getUID()
);
}
+ return $result;
}
+ return false;
}
private function loginWithToken($uid) {
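Review bot: `tryBasicAuthLogin()` now returns false both when no Basic credentials were sent and when they were sent but rejected, so a caller cannot tell a failed login from an absent header. If callers fall through to other authentication methods on false, a rejected password would be handled like no attempt at all; the callers are not in this diff view, so this needs confirming. The docblock would be more precise as `@return boolean true if Basic auth credentials were present and the login succeeded`. `$result` is assigned above the hunk.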
@@ -347,11 +346,12 @@ class Session implements IUserSession, Emitter {
/**
* Create a new session token for the given user credentials
*
+ * @param IRequest $request
* @param string $uid user UID
* @param string $password
* @return boolean
*/
- public function createSessionToken($uid, $password) {
+ public function createSessionToken(IRequest $request, $uid, $password) {
$this->session->regenerateId();
if (is_null($this->manager->get($uid))) {
// User does not exist
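Review bot: `createSessionToken()` now takes a required `IRequest $request` as its first parameter, which shifts `$uid` and `$password` for every existing caller. This view is limited to `lib/private/User`, so confirm that all call sites were updated in the same commit. The new `@param IRequest $request` line has no description, and the part of the body that reads `$request` is outside this hunk; the docblock should say what is taken from the request.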
@@ -372,11 +372,12 @@ class Session implements IUserSession, Emitter {
private function validateToken(IRequest $request, $token) {
foreach ($this->tokenProviders as $provider) {
try {
- $user = $provider->validateToken($token);
- if (!is_null($user)) {
- $result = $this->loginWithToken($user);
+ $token = $provider->validateToken($token);
+ if (!is_null($token)) {
+ $result = $this->loginWithToken($token->getUid());
if ($result) {
// Login success
+ $this->updateToken($provider, $token);
return true;
}
}
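Review bot: Reassigning the `$token` parameter inside the `foreach` at `$token = $provider->validateToken($token);` means every later provider receives whatever the previous one returned, not the token string the client sent. If a provider returns null, or returns an `IToken` for which `loginWithToken()` then fails, the next iteration calls `validateToken()` with null or an object. Keep the input untouched with a separate variable, e.g. `$dbToken = $provider->validateToken($token);`, and use `$dbToken` for the `is_null()` check, `getUid()` and `updateToken()`. The catch block and the end of the loop are outside this hunk, so the exception path is not visible here.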
@@ -388,6 +389,19 @@ class Session implements IUserSession, Emitter {
}
/**
+ * @param IProvider $provider
+ * @param IToken $token
+ */
+ private function updateToken(IProvider $provider, IToken $token) {
+ // To save unnecessary DB queries, this is only done once a minute
+ $lastTokenUpdate = $this->session->get('last_token_update') ? : 0;
+ if ($lastTokenUpdate < (time () - 60)) {
+ $provider->updateToken($token);
+ $this->session->set('last_token_update', time());
+ }
+ }
+
+ /**
* Tries to login the user with auth token header
*
* @todo check remember me cookie
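Review bot: The once-a-minute throttle in `updateToken()` is keyed on the single session value `last_token_update`, not on the token or provider being refreshed. Two consequences are likely, though the session backend is not visible here: a client that authenticates with a token on each request without keeping its session cookie would start with no `last_token_update` and trigger a provider update every time, and a second token validated in the same session within 60 seconds would not be refreshed. The docblock has no summary; something like `Refreshes the token through its provider, at most once per minute per session` would make the limit explicit. Minor style: `time ()` has a stray space before the parenthesis.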