delete all tokens on password change
parent
45f1c3f120
commit
2ea06f67bd
|
@ -552,9 +552,11 @@ class OC{
|
||||||
OC_Util::redirectToDefaultPage();
|
OC_Util::redirectToDefaultPage();
|
||||||
// doesn't return
|
// doesn't return
|
||||||
}
|
}
|
||||||
// if you reach this point you are an attacker
|
// if you reach this point you have changed your password
|
||||||
// we remove all tokens to be save
|
// or you are an attacker
|
||||||
OC_Preferences::deleteApp($_POST['user'], 'login_token');
|
// we can not delete tokens here because users will reach
|
||||||
|
// this point multible times after a password change
|
||||||
|
//OC_Preferences::deleteApp($_POST['user'], 'login_token');
|
||||||
}
|
}
|
||||||
OC_User::unsetMagicInCookie();
|
OC_User::unsetMagicInCookie();
|
||||||
return true;
|
return true;
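Review bot: With the `deleteApp` call commented out, a failed token check in this branch has no consequence beyond clearing the cookie, and nothing in the visible lines records the failure. A mismatching token is either a stale cookie left over from a password change or a forged one, so the event should at least be logged together with the user name and remote address, e.g. `OC_Log::write('core', 'invalid login token presented', OC_Log::WARN);`, so that repeated failures for one account can be detected. The dead `//OC_Preferences::deleteApp(...)` line is better removed than kept as a comment, and the comment above it (which misspells `multible`) could state the intent directly: `// tokens are revoked in OC_User::setPassword(); a stale cookie ends up here and is only cleared`. The enclosing function starts outside the hunk.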
|
||||||
|
|
|
@ -329,6 +329,8 @@ class OC_User {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// invalidate all login cookies
|
||||||
|
OC_Preferences::deleteApp($uid, 'login_token');
|
||||||
OC_Hook::emit( "OC_User", "post_setPassword", array( "uid" => $uid, "password" => $password ));
|
OC_Hook::emit( "OC_User", "post_setPassword", array( "uid" => $uid, "password" => $password ));
|
||||||
return $success;
|
return $success;
|
||||||
}
|
}
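Review bot: The added `OC_Preferences::deleteApp($uid, 'login_token');` sits after the closing braces and before `return $success;` with no visible check on `$success`, so the tokens appear to be revoked even when no backend accepted the new password. That is the safe direction, but the comment should say so, e.g. `// revoke all remember-me tokens unconditionally, even if the password change failed`. The call only covers stored login tokens; whether the user's other already-authenticated sessions are ended is not visible here and is worth confirming, since a password change is often the response to a suspected compromise. The function body starts outside the hunk.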
|
||||||
|
|