upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-12 07:14:44 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

draft to prevent the invalidation of pw based authn tokens on a pw less login

Browse source 
Signed-off-by: Tobias Assmann <tobias.assmann@ecsec.de>
This commit is contained in:
Tobias Assmann 2021-07-09 09:35:12 +02:00 committed by Julius Härtl
parent 6990f2ff43
commit ce834cbb55
No known key found for this signature in database
GPG key ID: 4C614C6ED2CDE6DF
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/private/Authentication/Listeners/UserLoggedInListener.php
View file

@ -48,6 +48,11 @@ class UserLoggedInListener implements IEventListener {
return;
}
// prevent setting an empty pw as result of pw-less-login
if ($event->getPassword()==='') {
return;
}
// If this is already a token login there is nothing to do
if ($event->isTokenLogin()) {
return;

5
lib/private/Authentication/Token/PublicKeyTokenProvider.php
View file

@ -413,6 +413,11 @@ class PublicKeyTokenProvider implements IProvider {
public function updatePasswords(string $uid, string $password) {
$this->cache->clear();
// prevent setting an empty pw as result of pw-less-login
if ($password==='') {
return;
}
// Update the password for all tokens
$tokens = $this->mapper->getTokenByUser($uid);
foreach ($tokens as $t) {