diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 67e1e215289bd..f63d5cd8f2cb0 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -25,7 +25,6 @@
 
 namespace OC\Core\Controller;
 
-use OC\AppFramework\Utility\TimeFactory;
 use OC\Authentication\TwoFactorAuth\Manager;
 use OC\Security\Bruteforce\Throttler;
 use OC\User\Session;
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index fe6be1e685250..b1111559a6c76 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -40,7 +40,6 @@
 use OCP\IUserManager;
 use OCP\Mail\IMailer;
 use OCP\Security\ISecureRandom;
-use OCP\Security\StringUtils;
 
 /**
  * Class LostController
@@ -144,7 +143,7 @@ public function resetform($token, $userId) {
 	}
 
 	/**
-	 * @param string $userId
+	 * @param string $token
 	 * @param string $userId
 	 * @throws \Exception
 	 */
@@ -161,7 +160,7 @@ private function checkPasswordResetToken($token, $userId) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
 		}
 
-		if (!StringUtils::equals($splittedToken[1], $token)) {
+		if (!hash_equals($splittedToken[1], $token)) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 		}
 	}
diff --git a/core/Controller/TokenController.php b/core/Controller/TokenController.php
index 9d4fd7c965604..6e3ff50fa1d53 100644
--- a/core/Controller/TokenController.php
+++ b/core/Controller/TokenController.php
@@ -24,13 +24,10 @@
 namespace OC\Core\Controller;
 
 use OC\AppFramework\Http;
-use OC\AppFramework\Utility\TimeFactory;
-use OC\Authentication\Token\DefaultTokenProvider;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
 use OC\Authentication\TwoFactorAuth\Manager as TwoFactorAuthManager;
 use OC\User\Manager as UserManager;
-use OCA\User_LDAP\User\Manager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
@@ -100,9 +97,9 @@ public function generateToken($user, $password, $name = 'unknown client') {
 
 		$token = $this->secureRandom->generate(128);
 		$this->tokenProvider->generateToken($token, $user->getUID(), $loginName, $password, $name, IToken::PERMANENT_TOKEN);
-		return [
+		return new JSONResponse([
 			'token' => $token,
-		];
+		]);
 	}
 
 }
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index b9e10b147ce6a..c19cf5232796b 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -96,7 +96,7 @@ public function selectChallenge($redirect_url) {
 	 *
 	 * @param string $challengeProviderId
 	 * @param string $redirect_url
-	 * @return TemplateResponse
+	 * @return TemplateResponse|RedirectResponse
 	 */
 	public function showChallenge($challengeProviderId, $redirect_url) {
 		$user = $this->userSession->getUser();