tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 15:54:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

AutoLogin: Check the remote username against logged in user

Browse Source 
fixes #6462
This commit is contained in:
Marius Hein 2014-07-30 12:54:08 +02:00
parent e2c761a7aa
commit 56a29354d3
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/Icinga/Authentication/Manager.php
View File

@ -111,6 +111,13 @@ class Manager
public function authenticateFromSession() public function authenticateFromSession()
{ {
$this->user = Session::getSession()->get('user'); $this->user = Session::getSession()->get('user');
if ($this->user !== null && $this->user->isRemoteUser() === true) {
list($originUsername, $field) = $this->user->getRemoteUserInformation();
if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername) {
$this->removeAuthorization();
}
}
} }
/** /**