Skip to content

Commit 8860212

Browse files
CarlSchwanCarlSchwan
committed
fix(lostpassord): Delete lost password token on password change
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
1 parent e2ea6d4 commit 8860212

File tree

4 files changed

+35
-0
lines changed

4 files changed

+35
-0
lines changed

core/AppInfo/Application.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
use OC\Core\Listener\AddMissingIndicesListener;
2121
use OC\Core\Listener\AddMissingPrimaryKeyListener;
2222
use OC\Core\Listener\BeforeTemplateRenderedListener;
23+
use OC\Core\Listener\PasswordUpdatedListener;
2324
use OC\Core\Notification\CoreNotifier;
2425
use OC\TagManager;
2526
use OCP\AppFramework\App;
@@ -31,6 +32,7 @@
3132
use OCP\DB\Events\AddMissingIndicesEvent;
3233
use OCP\DB\Events\AddMissingPrimaryKeyEvent;
3334
use OCP\User\Events\BeforeUserDeletedEvent;
35+
use OCP\User\Events\PasswordUpdatedEvent;
3436
use OCP\User\Events\UserDeletedEvent;
3537
use OCP\Util;
3638

@@ -75,6 +77,7 @@ public function register(IRegistrationContext $context): void {
7577
$context->registerEventListener(BeforeUserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
7678
$context->registerEventListener(UserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
7779
$context->registerEventListener(UserDeletedEvent::class, UserDeletedWebAuthnCleanupListener::class);
80+
$context->registerEventListener(PasswordUpdatedEvent::class, PasswordUpdatedListener::class);
7881

7982
// Tags
8083
$context->registerEventListener(UserDeletedEvent::class, TagManager::class);

core/Listener/PasswordUpdatedListener.php

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
/**
6+
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
7+
* SPDX-License-Identifier: AGPL-3.0-or-later
8+
*/
9+
10+
namespace OC\Core\Listener;
11+
12+
use OCP\EventDispatcher\Event;
13+
use OCP\EventDispatcher\IEventListener;
14+
use OCP\Security\VerificationToken\IVerificationToken;
15+
use OCP\User\Events\PasswordUpdatedEvent;
16+
17+
/**
18+
* @template-implements IEventListener<PasswordUpdatedEvent>
19+
*/
20+
class PasswordUpdatedListener implements IEventListener {
21+
public function __construct(readonly private IVerificationToken $verificationToken) {
22+
23+
}
24+
25+
public function handle(Event $event): void {
26+
if ($event instanceof PasswordUpdatedEvent) {
27+
$this->verificationToken->delete('', $event->getUser(), 'lostpassword');
28+
}
29+
}
30+
}

lib/composer/composer/autoload_classmap.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1440,6 +1440,7 @@
14401440
'OC\\Core\\Listener\\BeforeMessageLoggedEventListener' => $baseDir . '/core/Listener/BeforeMessageLoggedEventListener.php',
14411441
'OC\\Core\\Listener\\BeforeTemplateRenderedListener' => $baseDir . '/core/Listener/BeforeTemplateRenderedListener.php',
14421442
'OC\\Core\\Listener\\FeedBackHandler' => $baseDir . '/core/Listener/FeedBackHandler.php',
1443+
'OC\\Core\\Listener\\PasswordUpdatedListener' => $baseDir . '/core/Listener/PasswordUpdatedListener.php',
14431444
'OC\\Core\\Middleware\\TwoFactorMiddleware' => $baseDir . '/core/Middleware/TwoFactorMiddleware.php',
14441445
'OC\\Core\\Migrations\\Version13000Date20170705121758' => $baseDir . '/core/Migrations/Version13000Date20170705121758.php',
14451446
'OC\\Core\\Migrations\\Version13000Date20170718121200' => $baseDir . '/core/Migrations/Version13000Date20170718121200.php',

lib/composer/composer/autoload_static.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1481,6 +1481,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
14811481
'OC\\Core\\Listener\\BeforeMessageLoggedEventListener' => __DIR__ . '/../../..' . '/core/Listener/BeforeMessageLoggedEventListener.php',
14821482
'OC\\Core\\Listener\\BeforeTemplateRenderedListener' => __DIR__ . '/../../..' . '/core/Listener/BeforeTemplateRenderedListener.php',
14831483
'OC\\Core\\Listener\\FeedBackHandler' => __DIR__ . '/../../..' . '/core/Listener/FeedBackHandler.php',
1484+
'OC\\Core\\Listener\\PasswordUpdatedListener' => __DIR__ . '/../../..' . '/core/Listener/PasswordUpdatedListener.php',
14841485
'OC\\Core\\Middleware\\TwoFactorMiddleware' => __DIR__ . '/../../..' . '/core/Middleware/TwoFactorMiddleware.php',
14851486
'OC\\Core\\Migrations\\Version13000Date20170705121758' => __DIR__ . '/../../..' . '/core/Migrations/Version13000Date20170705121758.php',
14861487
'OC\\Core\\Migrations\\Version13000Date20170718121200' => __DIR__ . '/../../..' . '/core/Migrations/Version13000Date20170718121200.php',

0 commit comments

Comments
 (0)