From ce82eb0231f78bb61bc31452ef3c4fff8fd780f8 Mon Sep 17 00:00:00 2001
From: Roman Hergenreder <mail@romanh.de>
Date: Mon, 29 Jun 2020 16:50:36 +0200
Subject: [PATCH] invalidate token

---
 core/Api/UserAPI.class.php | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/core/Api/UserAPI.class.php b/core/Api/UserAPI.class.php
index 5ad5dd6..03ae6b1 100644
--- a/core/Api/UserAPI.class.php
+++ b/core/Api/UserAPI.class.php
@@ -115,6 +115,14 @@ namespace Api {
 
       return $this->success;
     }
+
+    protected function invalidateToken($token) {
+      $this->user->getSQL()
+        ->update("UserToken")
+        ->set("used", true)
+        ->where(new Compare("token", $token))
+        ->execute();
+    }
   }
 
 }
@@ -544,14 +552,7 @@ namespace Api\User {
       } else if (!$this->updateUser($result["user"]["uid"])) {
         return false;
       } else {
-
-        // Invalidate token
-        $this->user->getSQL()
-          ->update("UserToken")
-          ->set("used", true)
-          ->where(new Compare("token", $token))
-          ->execute();
-
+        $this->invalidateToken($token);
         return true;
       }
     }
@@ -1111,14 +1112,7 @@ namespace Api\User {
       } else if (!$this->updateUser($result["user"]["uid"], $password)) {
         return false;
       } else {
-
-        // Invalidate token
-        $this->user->getSQL()
-          ->update("UserToken")
-          ->set("used", true)
-          ->where(new Compare("token", $token))
-          ->execute();
-
+        $this->invalidateToken($token);
         return true;
       }
     }