upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Merge pull request #29130 from nextcloud/backport/27886/stable21

Browse source 
[stable21] Keep pw based auth tokens valid when pw-less login happens
This commit is contained in:
Vincent Petry 2021-10-13 08:39:27 +02:00 committed by GitHub
commit e229cd3d53
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/private/Authentication/Listeners/UserLoggedInListener.php
View file

@ -49,6 +49,11 @@ class UserLoggedInListener implements IEventListener {
return;
}
// prevent setting an empty pw as result of pw-less-login
if ($event->getPassword() === '') {
return;
}
// If this is already a token login there is nothing to do
if ($event->isTokenLogin()) {
return;

5
lib/private/Authentication/Token/PublicKeyTokenProvider.php
View file

@ -414,6 +414,11 @@ class PublicKeyTokenProvider implements IProvider {
public function updatePasswords(string $uid, string $password) {
$this->cache->clear();
// prevent setting an empty pw as result of pw-less-login
if ($password === '') {
return;
}
// Update the password for all tokens
$tokens = $this->mapper->getTokenByUser($uid);
foreach ($tokens as $t) {