From be2d8cc4e9b6f0aac2e0c8f82e8635dbbce2a51d Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Thu, 6 Sep 2018 08:30:52 +0200
Subject: [PATCH] Do not invalidate main token on OAuth

Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

1. You are already logged in, no need to log you out
2. You are not logged in yet, but since you log in into the exact same
browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 core/Controller/ClientFlowLoginController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index c3b88f752d..088a6a9869 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -366,10 +366,10 @@ class ClientFlowLoginController extends Controller {
 
 			$serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
 			$redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
-		}
 
-		// Clear the token from the login here
-		$this->tokenProvider->invalidateToken($sessionId);
+			// Clear the token from the login here
+			$this->tokenProvider->invalidateToken($sessionId);
+		}
 
 		return new Http\RedirectResponse($redirectUri);
 	}