mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Do not invalidate main token on OAuth 

Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

1. You are already logged in, no need to log you out
2. You are not logged in yet, but since you log in into the exact same
browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-09-06 08:30:52 +02:00
parent f778da9093
commit be2d8cc4e9
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/Controller/ClientFlowLoginController.php
View File

@ -366,10 +366,10 @@ class ClientFlowLoginController extends Controller {
$serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
$redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
}
// Clear the token from the login here
$this->tokenProvider->invalidateToken($sessionId);
// Clear the token from the login here
$this->tokenProvider->invalidateToken($sessionId);
}
return new Http\RedirectResponse($redirectUri);
}