summaryrefslogtreecommitdiffstats
path: root/lib/private/User
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/User')
-rw-r--r--lib/private/User/Session.php12
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index a9c638dca93..674f38e2401 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -38,6 +38,7 @@
namespace OC\User;
use OC;
+use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
@@ -401,7 +402,13 @@ class Session implements IUserSession, Emitter {
$this->manager->emit('\OC\User', 'preLogin', array($user, $password));
}
- $isTokenPassword = $this->isTokenPassword($password);
+ try {
+ $isTokenPassword = $this->isTokenPassword($password);
+ } catch (ExpiredTokenException $e) {
+ // Just return on an expired token no need to check further or record a failed login
+ return false;
+ }
+
if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
throw new PasswordLoginForbiddenException();
}
@@ -474,11 +481,14 @@ class Session implements IUserSession, Emitter {
*
* @param string $password
* @return boolean
+ * @throws ExpiredTokenException
*/
public function isTokenPassword($password) {
try {
$this->tokenProvider->getToken($password);
return true;
+ } catch (ExpiredTokenException $e) {
+ throw $e;
} catch (InvalidTokenException $ex) {
return false;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 05:42:20 +0000