From 7215ba4f595b9136fbd7cd882002c6ed15365832 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Wed, 11 Jun 2014 15:04:15 +0200 Subject: [PATCH] Autologin: Do not require a bogus password in the source code --- application/controllers/AuthenticationController.php | 5 ++--- library/Icinga/Authentication/Backend/AutoLoginBackend.php | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php index f50987de7..4476ecebd 100644 --- a/application/controllers/AuthenticationController.php +++ b/application/controllers/AuthenticationController.php @@ -63,8 +63,6 @@ class AuthenticationController extends ActionController $this->view->form = new LoginForm(); $this->view->form->setRequest($this->_request); $this->view->title = $this->translate('Icingaweb Login'); - $user = new User(''); - $password = ''; try { $redirectUrl = Url::fromPath($this->_request->getParam('redirect', 'dashboard')); @@ -95,9 +93,10 @@ class AuthenticationController extends ActionController if ($this->getRequest()->isGet()) { + $user = new User(''); foreach ($chain as $backend) { if ($backend instanceof AutoLoginBackend) { - $authenticated = $backend->authenticate($user, $password); + $authenticated = $backend->authenticate($user); if ($authenticated === true) { $auth->setAuthenticated($user); $this->redirectNow($redirectUrl); diff --git a/library/Icinga/Authentication/Backend/AutoLoginBackend.php b/library/Icinga/Authentication/Backend/AutoLoginBackend.php index 2fdfe1037..8cde07878 100644 --- a/library/Icinga/Authentication/Backend/AutoLoginBackend.php +++ b/library/Icinga/Authentication/Backend/AutoLoginBackend.php @@ -75,7 +75,7 @@ class AutoLoginBackend extends UserBackend * * @return bool */ - public function authenticate(User $user, $password) + public function authenticate(User $user, $password = null) { return $this->hasUser($user); }