From d28cd1577b184f3b5e32fd59e93c9b85461d5b07 Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Tue, 25 Apr 2023 15:43:02 +0200 Subject: [PATCH] #10326 regenerate api token when update password --- pandora_console/godmode/users/configure_user.php | 8 ++++++++ pandora_console/include/functions_api.php | 3 +++ 2 files changed, 11 insertions(+) diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php index 2f01df4a55..a57012fd3a 100644 --- a/pandora_console/godmode/users/configure_user.php +++ b/pandora_console/godmode/users/configure_user.php @@ -747,6 +747,10 @@ if ($update_user) { ] ); $res3 = save_pass_history($id, $password_new); + + // Generate new API token. + $newToken = api_token_generate(); + $res4 = update_user($id, ['api_token' => $newToken]); } ui_print_result_message( @@ -771,6 +775,10 @@ if ($update_user) { 'utimestamp' => time(), ] ); + + // Generate new API token. + $newToken = api_token_generate(); + $res4 = update_user($id, ['api_token' => $newToken]); } ui_print_result_message( diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index bd1577116c..d07d0e528d 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -9612,6 +9612,7 @@ function api_set_new_user($id, $thrash2, $other, $thrash3) $values['section'] = $other['data'][11]; $values['session_time'] = $other['data'][12]; $values['metaconsole_access_node'] = $other['data'][13]; + $values['api_token'] = api_token_generate(); if (empty($password) === true) { returnError('Password cannot be empty.'); @@ -9708,6 +9709,8 @@ function api_set_update_user($id, $thrash2, $other, $thrash3) if (!update_user_password($id, $other['data'][4])) { returnError('The user could not be updated. Password info incorrect.'); return; + } else { + $values['api_token'] = api_token_generate(); } }