AutoLogin: Check the remote username against logged in user

fixes #6462
Marius Hein 2014-07-30 12:54:08 +02:00
parent e2c761a7aa
commit 56a29354d3
1 changed files with 7 additions and 0 deletions


@ -111,6 +111,13 @@ class Manager
public function authenticateFromSession()
{
$this->user = Session::getSession()->get('user');
if ($this->user !== null && $this->user->isRemoteUser() === true) {
list($originUsername, $field) = $this->user->getRemoteUserInformation();
if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername) {
$this->removeAuthorization();
}
}
}
/**
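Review bot: The inner check `if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername)` fails open: when the server variable named by `$field` is absent from `$_SERVER`, a session marked as remote-user stays authorized although no external identity backs the request. Unless requests without that variable are expected for remote users (not visible in this hunk), a missing value should be treated like a mismatch: `if (! array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) {`. A one-line comment stating which of the two cases is intended would make the decision explicit for later readers. It is also worth confirming that `removeAuthorization()` clears `$this->user`, which is assigned from the session just above; its body is outside the hunk.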