Diffstat (limited to 'lib')
-rw-r--r--lib/private/User/Session.php20
1 files changed, 9 insertions, 11 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 07235c1b42b..aedb308539a 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -550,14 +550,12 @@ class Session implements IUserSession, Emitter {
$pwd = $this->tokenProvider->getPassword($dbToken, $token);
} catch (InvalidTokenException $ex) {
// An invalid token password was used -> log user out
- $this->logout();
return false;
} catch (PasswordlessTokenException $ex) {
// Token has no password
if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) {
$this->tokenProvider->invalidateToken($token);
- $this->logout();
return false;
}
@@ -570,7 +568,6 @@ class Session implements IUserSession, Emitter {
|| (!is_null($this->activeUser) && !$this->activeUser->isEnabled())) {
$this->tokenProvider->invalidateToken($token);
// Password has changed or user was disabled -> log user out
- $this->logout();
return false;
}
$dbToken->setLastCheck($now);
@@ -613,20 +610,21 @@ class Session implements IUserSession, Emitter {
if (strpos($authHeader, 'token ') === false) {
// No auth header, let's try session id
try {
- $sessionId = $this->session->getId();
+ $token = $this->session->getId();
} catch (SessionNotAvailableException $ex) {
return false;
}
-
- if (!$this->validateToken($sessionId)) {
- return false;
- }
-
- return $this->loginWithToken($sessionId);
} else {
$token = substr($authHeader, 6);
- return $this->validateToken($token);
}
+
+ if (!$this->loginWithToken($token)) {
+ return false;
+ }
+ if(!$this->validateToken($token)) {
+ return false;
+ }
+ return true;
}
/**
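Review bot: With `loginWithToken($token)` now running before `validateToken($token)`, a token that fails validation has already been through login, and this commit also drops the three `$this->logout()` calls from the failure paths in the hunks at -550 and -570, so nothing visible here undoes that login when the method returns false. loginWithToken's body is outside the diff, so whether it sets the active user or writes session state needs confirming; if it does, a stale-password or disabled-user token would leave an authenticated session behind a `false` return. Either keep validation ahead of login or clean up on the failure branch, e.g. `if (!$this->validateToken($token)) { $this->logout(); return false; }`, and add a comment explaining why login has to precede validation. Separately, the unchanged guard `strpos($authHeader, 'token ') === false` accepts the scheme anywhere in the header while `substr($authHeader, 6)` assumes it sits at offset 0; `strpos($authHeader, 'token ') !== 0` would make the two agree. The enclosing method starts above this hunk.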