Do not remove the state token to early
We should check the stateToken before we remove it; otherwise the check will always fail. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
parent
05e1092c44
commit
bb5e5efa6d
|
@ -192,11 +192,13 @@ class ClientFlowLoginController extends Controller {
|
||||||
* @return Http\RedirectResponse|Response
|
* @return Http\RedirectResponse|Response
|
||||||
*/
|
*/
|
||||||
public function generateAppPassword($stateToken) {
|
public function generateAppPassword($stateToken) {
|
||||||
$this->session->remove(self::stateName);
|
|
||||||
if(!$this->isValidToken($stateToken)) {
|
if(!$this->isValidToken($stateToken)) {
|
||||||
|
$this->session->remove(self::stateName);
|
||||||
return $this->stateTokenForbiddenResponse();
|
return $this->stateTokenForbiddenResponse();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->session->remove(self::stateName);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$sessionId = $this->session->getId();
|
$sessionId = $this->session->getId();
|
||||||
} catch (SessionNotAvailableException $ex) {
|
} catch (SessionNotAvailableException $ex) {
|
||||||
|
|
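Review bot: The `$this->session->remove(self::stateName);` call now appears twice in generateAppPassword, once inside the failure branch and once after it, so the single-use property of the state token depends on every exit path remembering to clear it. Capturing the result first keeps the ordering this commit fixes and clears the token in one place: `$tokenValid = $this->isValidToken($stateToken);`, `$this->session->remove(self::stateName);`, `if (!$tokenValid) {`. A short comment such as `// state token is single-use: validate first, then discard on both success and failure` would record why the order matters, since the commit message says the earlier ordering made the check always fail. isValidToken is defined outside this hunk, so whether it compares the submitted value against the session value in constant time cannot be confirmed from here. The method body also continues past the end of the hunk.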