sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

delete all tokens on password change

remotes/origin/stable5
Michael Göhler 2012-10-11 11:54:40 +07:00
parent 45f1c3f120
commit 2ea06f67bd
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/base.php
Unescape Escape View File

@ -552,9 +552,11 @@ class OC{
OC_Util::redirectToDefaultPage();
// doesn't return
}
// if you reach this point you are an attacker
// we remove all tokens to be save
OC_Preferences::deleteApp($_POST['user'], 'login_token');
// if you reach this point you have changed your password
// or you are an attacker
// we can not delete tokens here because users will reach
// this point multible times after a password change
//OC_Preferences::deleteApp($_POST['user'], 'login_token');
}
OC_User::unsetMagicInCookie();
return true;

2
lib/user.php
Unescape Escape View File

@ -329,6 +329,8 @@ class OC_User {
}
}
}
// invalidate all login cookies
OC_Preferences::deleteApp($uid, 'login_token');
OC_Hook::emit( "OC_User", "post_setPassword", array( "uid" => $uid, "password" => $password ));
return $success;
}