delete oauth access token when receiving a code that has expired

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Julien Veyssier 2023-08-29 12:13:25 +07:00
parent 1ab45bad5d
commit 779e1d51ac
1 changed files with 3 additions and 0 deletions

@ -128,6 +128,9 @@ class OauthApiController extends Controller {
$now = $this->timeFactory->now()->getTimestamp();
$tokenCreatedAt = $accessToken->getCreatedAt();
if ($tokenCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
// we know this token is not useful anymore
$this->accessTokenMapper->delete($accessToken);
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);