upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-21 14:23:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 15
nextcloud/lib
History
Roeland Jago Douma bb94b39745
Do not clear CSRF token on logout (fix for #1303) 
This is a hacky way to allow the use case of #1303.

What happens is

1. User tries to login
2. PreLoginHook kicks in and figures out that the user need to change
their LDAP password or whatever => redirects user
3. While loading the redirect some logic of ours kicks in and logouts
the user (thus clearing the session).
4. We render the new page but now the session and the page disagree
about the CSRF token

This is kind of hacky but I don't think it introduces new attack
vectors.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-13 22:16:56 +01:00
..
composer Bump autoloader 2017-03-09 14:21:38 +01:00
l10n [tx-robot] updated from transifex 2017-03-11 01:07:48 +00:00
private Do not clear CSRF token on logout (fix for #1303) 2017-03-13 22:16:56 +01:00
public Allow searching for favorites 2017-03-08 16:30:55 +01:00
autoloader.php Add a magic wrapper from hell to allow phpunit4 to run the code again 2016-11-15 14:49:14 +01:00
base.php Remove legacy class OC_Group and OC_User 2017-03-09 17:35:09 -06:00