upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 54

delete oauth access token when receiving a code that has expired

Browse source 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
This commit is contained in:
Julien Veyssier 2023-08-29 12:13:25 +02:00
parent 1ab45bad5d
commit 779e1d51ac
No known key found for this signature in database
GPG key ID: 4141FEE162030638
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apps/oauth2/lib/Controller/OauthApiController.php
View file

@ -128,6 +128,9 @@ class OauthApiController extends Controller {
$now = $this->timeFactory->now()->getTimestamp();
$tokenCreatedAt = $accessToken->getCreatedAt();
if ($tokenCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
// we know this token is not useful anymore
$this->accessTokenMapper->delete($accessToken);
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);