Remove quick connect tokens after usage

author: Matt Montgomery <33811686+ConfusedPolarBear@users.noreply.github.com> 2021-01-01 17:26:31 -0600
committer: Matt Montgomery <33811686+ConfusedPolarBear@users.noreply.github.com> 2021-01-02 16:37:43 -0600
commit: 8dd83327b5b9b77912b3b69ec00dc31898a86bc7 (patch)
tree: 48c4bf6e0dbfd515d9827e0bcd22c0f4d01a96d5
parent: 5932b967b71615468969201717e61e1278e81714 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index 885f65c64..92cbb0812 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1456,7 +1456,12 @@ namespace Emby.Server.Implementations.Session
                 throw new SecurityException("Unknown quick connect token");
             }
 
-            request.UserId = result.Items[0].UserId;
+            var info = result.Items[0];
+            request.UserId = info.UserId;
+
+            // There's no need to keep the quick connect token in the database, as AuthenticateNewSessionInternal() issues a long lived token.
+            _authRepo.Delete(info);
+
             return AuthenticateNewSessionInternal(request, false);
         }
author	Matt Montgomery <33811686+ConfusedPolarBear@users.noreply.github.com>	2021-01-01 17:26:31 -0600
committer	Matt Montgomery <33811686+ConfusedPolarBear@users.noreply.github.com>	2021-01-02 16:37:43 -0600
commit	8dd83327b5b9b77912b3b69ec00dc31898a86bc7 (patch)
tree	48c4bf6e0dbfd515d9827e0bcd22c0f4d01a96d5
parent	5932b967b71615468969201717e61e1278e81714 (diff)