From 49e992c1da2e4c239e7078eca87bc07eb998bc1c Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Sun, 21 Oct 2018 14:34:29 +0200
Subject: [PATCH 1/2] Expired PK tokens should not fall back to legacy tokens
Fixes #11919
Signed-off-by: Roeland Jago Douma
---
 lib/private/Authentication/Token/Manager.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 254a1598943d2..3cf48e868b6d0 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -138,6 +138,8 @@ public function getToken(string $tokenId): IToken {
 public function getTokenById(int $tokenId): IToken {
 try {
 return $this->publicKeyTokenProvider->getTokenById($tokenId);
+ } catch (ExpiredTokenException $e) {
+ throw $e;
 } catch (InvalidTokenException $e) {
 return $this->defaultTokenProvider->getTokenById($tokenId);
 }
From 4abae96298aa6d1a4e7c448a270fd0baa74d6d30 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Sun, 21 Oct 2018 14:37:08 +0200
Subject: [PATCH 2/2] Catch more occurences where ExpiredTokenException can be thrown
Signed-off-by: Roeland Jago Douma
---
 lib/private/Authentication/Token/Manager.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 3cf48e868b6d0..5fbf78eefd298 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -112,7 +112,9 @@ public function getTokenByUser(string $uid): array {
 public function getToken(string $tokenId): IToken {
 try {
 return $this->publicKeyTokenProvider->getToken($tokenId);
- } catch (InvalidTokenException $e) {
+ } catch (ExpiredTokenException $e) {
+ throw $e;
+ } catch(InvalidTokenException $e) {
 // No worries we try to convert it to a PublicKey Token
 }
 
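Review bot: The added `catch (ExpiredTokenException $e)` in getTokenById only takes effect if that class name resolves in this file's namespace, and neither patch adds a `use` line for it. PHP raises no error for an unresolvable class in a catch clause; the clause just never matches, so an expired public-key token would still reach the `InvalidTokenException` branch and the legacy provider. If the import is not already present at the top of Manager.php (outside the hunk), add `use …\ExpiredTokenException;` beside the existing InvalidTokenException import, using the namespace the exception is declared in. The same check applies to the catches added to getToken and renewSessionToken in patch 2/2.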
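Review bot: The rewritten line `} catch(InvalidTokenException $e) {` in getToken drops the space after `catch` that the other catch clauses in this file use; keep it as `} catch (InvalidTokenException $e) {`. With the original spacing that line stays untouched context and the hunk becomes a pure two-line addition, which is easier to audit and backport for an authentication fix. The rest of getToken, where the legacy token is looked up and converted, lies outside the hunk.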
@@ -153,6 +155,8 @@ public function getTokenById(int $tokenId): IToken {
 public function renewSessionToken(string $oldSessionId, string $sessionId) {
 try {
 $this->publicKeyTokenProvider->renewSessionToken($oldSessionId, $sessionId);
+ } catch (ExpiredTokenException $e) {
+ throw $e;
 } catch (InvalidTokenException $e) {
 $this->defaultTokenProvider->renewSessionToken($oldSessionId, $sessionId);
 }
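Review bot: The rethrow added to renewSessionToken carries no comment explaining why it exists, and it only works because it sits before the `InvalidTokenException` catch (presumably ExpiredTokenException is a subclass, otherwise the rethrow would not be needed). A one-line comment above `throw $e;`, such as `// Expired public-key token: must not be retried against the legacy provider`, would keep a later cleanup from removing or reordering the clause. Both patches touch only Manager.php, so a unit test asserting that the default provider is never called when the public-key provider throws ExpiredTokenException would pin this behaviour for all three methods. The end of renewSessionToken is outside the hunk.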