Merge pull request #5639 from nextcloud/backport/5636/stable21

[stable21] Regenerate session id after entering password
nextcloud · May 19, 2021 · 1a3ffbb · 1a3ffbb
2 parents 3d5f4b6 + 9bf4d87
commit 1a3ffbb
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -228,6 +228,7 @@ public function index(string $token = '', string $callUser = '', string $passwor
  $passwordVerification = $room->verifyPassword($password);
 
  if ($passwordVerification['result']) {
+ $this->talkSession->renewSessionId();
  $this->talkSession->setPasswordForRoom($token, $password);
  } else {
  $this->talkSession->removePasswordForRoom($token);
@@ -292,6 +293,7 @@ protected function guestEnterRoom(string $token, string $password): Response {
 
  $passwordVerification = $room->verifyPassword($password);
  if ($passwordVerification['result']) {
+ $this->talkSession->renewSessionId();
  $this->talkSession->setPasswordForRoom($token, $password);
  } else {
  $this->talkSession->removePasswordForRoom($token);

diff --git a/lib/TalkSession.php b/lib/TalkSession.php
@@ -132,4 +132,8 @@ protected function removeValue(string $key, string $token): void {
 
  $this->session->set($key, json_encode($values));
  }
+
+ public function renewSessionId() {
+ $this->session->regenerateId();
+ }
 }