Autologin: Test logged session against remote user

fixes #6462
2025-07-31 01:34:09 +02:00 · 2014-07-29 12:06:43 +02:00 · 2014-07-29 12:06:43 +02:00 · 64954e9924
commit 64954e9924
parent 8f85a66e13
1 changed files with 7 additions and 0 deletions
--- a/library/Icinga/Authentication/Manager.php
+++ b/library/Icinga/Authentication/Manager.php
@ -117,6 +117,13 @@ class Manager
    public function authenticateFromSession()
    {
        $this->user = Session::getSession()->get('user');
+
+        if ($this->user
+            && array_key_exists('REMOTE_USER', $_SERVER)
+            && $this->user->getUsername() !== $_SERVER['REMOTE_USER']
+        ) {
+            $this->removeAuthorization();
+        }
    }

    /**