From 82f03e1314c251fdb50990eb97b974b8b0fc1332 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Thu, 4 Jan 2018 14:30:40 +0100
Subject: [PATCH] Clear login token once apppassword is generated

Fixes #7697

When using the new login flow a token will be generated since we login.
However after that we generate yet another token to return (as we
should).

However we should kill the current session token as we are done with it.
And will never use it again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 core/Controller/ClientFlowLoginController.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 47bbbce640e36..7d6e79d39bc0a 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -319,6 +319,9 @@ public function generateAppPassword($stateToken,
 			$redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
 		}
 
+		// Clear the token from the login here
+		$this->tokenProvider->invalidateToken($sessionId);
+
 		return new Http\RedirectResponse($redirectUri);
 	}
 }