mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Do not remove the state token to early 

we should check the stateToken before we remove it. Else the check will
always fail.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2017-04-25 09:51:00 +02:00
parent 05e1092c44
commit bb5e5efa6d
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/Controller/ClientFlowLoginController.php
View File

@ -192,11 +192,13 @@ class ClientFlowLoginController extends Controller {
* @return Http\RedirectResponse|Response
*/
public function generateAppPassword($stateToken) {
$this->session->remove(self::stateName);
if(!$this->isValidToken($stateToken)) {
$this->session->remove(self::stateName);
return $this->stateTokenForbiddenResponse();
}
$this->session->remove(self::stateName);
try {
$sessionId = $this->session->getId();
} catch (SessionNotAvailableException $ex) {