daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-28 06:20:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

block reusing tokens

Browse Source
This commit is contained in:
Zoey
2026-03-05 21:38:26 +01:00
parent 15721c6d3a
commit 443593d4fb
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
php/src/Auth/AuthManager.php
View File

@@ -43,6 +43,14 @@ readonly class AuthManager {
return false;
}
// Prevent token replay: reject tokens that have already been used
$tokenHash = hash('sha256', $token);
$cacheKey = 'used_token_' . $tokenHash;
if (apcu_fetch($cacheKey) !== false) {
return false;
}
apcu_add($cacheKey, true, 60);
return true;
}