From 45f1c3f120e459a48ccb54b74cc97facb1946042 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20G=C3=B6hler?= <somebody.here@gmx.de>
Date: Thu, 11 Oct 2012 11:38:42 +0200
Subject: [PATCH] further improvements on multiple login token support

outdated tokens are deleted before checking against cookies
if an invalid token is used, all stored tokens are deleted for safety
used token will be replaced by a new one after successful authentication
---
 lib/base.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 4dd69f3cc3..cac416003e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -536,15 +536,25 @@ class OC{
 		}
 		// confirm credentials in cookie
 		if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username'])) {
+			// delete outdated cookies
+			cleanupLoginTokens($_COOKIE['oc_username']);
+			// get new tokens
 			$tokens = OC_Preferences::getKeys($_COOKIE['oc_username'], 'login_token');
-			$tokens[] = OC_Preferences::getValue($_COOKIE['oc_username'], 'login', 'token');
+			// test cookies token against stored tokens
 			if (in_array($_COOKIE['oc_token'], $tokens, true)) {
-				self::cleanupLoginTokens($_COOKIE['oc_username']);
+				// replace successfully used token with a new one
+				OC_Preferences::deleteKey($_POST['user'], 'login_token', $_COOKIE['oc_token']);
+				$token = md5($_POST["user"].OC_Util::generate_random_bytes(10).$_COOKIE['oc_token']);
+				OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
+				OC_User::setMagicInCookie($_POST['user'], $token);
+				// login
 				OC_User::setUserId($_COOKIE['oc_username']);
 				OC_Util::redirectToDefaultPage();
 				// doesn't return
 			}
-			OC_Preferences::deleteKey($_POST['user'], 'login_token', $_COOKIE['oc_token']);
+			// if you reach this point you are an attacker
+			// we remove all tokens to be save
+			OC_Preferences::deleteApp($_POST['user'], 'login_token');
 		}
 		OC_User::unsetMagicInCookie();
 		return true;
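Review bot: The added call `cleanupLoginTokens($_COOKIE['oc_username']);` is unqualified, so inside `class OC` it resolves to a global function rather than the static method the removed line reached via `self::cleanupLoginTokens(...)`; unless such a global exists, every cookie login now fails with an undefined-function error before the token check, so the line should read `self::cleanupLoginTokens($_COOKIE['oc_username']);`. The token rotation and the revocation also key on `$_POST['user']` / `$_POST["user"]` (deleteKey, the md5 seed, setValue, setMagicInCookie, deleteApp) while the identity that was actually checked is `$_COOKIE['oc_username']`; on this cookie-only path there is presumably no posted user, so the used token is not deleted, the replacement is stored and the cookie re-issued under the wrong name, and the "remove all tokens" fallback revokes for whatever the request posts rather than for the account whose token was rejected. Using `$_COOKIE['oc_username']` consistently, as below, ties both the rotation and the revocation to the verified identity. The enclosing method starts and ends outside this hunk.
```php
			// delete outdated cookies
			self::cleanupLoginTokens($_COOKIE['oc_username']);
			// … unchanged: getKeys and in_array check …
				// replace successfully used token with a new one
				OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']);
				$token = md5($_COOKIE['oc_username'].OC_Util::generate_random_bytes(10).$_COOKIE['oc_token']);
				OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $token, time());
				OC_User::setMagicInCookie($_COOKIE['oc_username'], $token);
				// … unchanged: setUserId, redirectToDefaultPage, closing brace …
			// invalid token: revoke every stored token for the account that was checked
			OC_Preferences::deleteApp($_COOKIE['oc_username'], 'login_token');
```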
-- 
GitLab