tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix session resume for external auths 

When REMOTE_USER is not available from _SERVER (PHP internal webserver)

fixes #11277
This commit is contained in:
Markus Frosch 2016-03-02 17:39:05 +01:00
parent 609b2da565
commit 929f45deea
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/Icinga/Authentication/Auth.php
View File

@ -244,7 +244,8 @@ class Auth
$this->user = Session::getSession()->get('user');
if ($this->user !== null && $this->user->isExternalUser() === true) {
list($originUsername, $field) = $this->user->getExternalUserInformation();
if (! array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) {
$username = getenv($field); // usually REMOTE_USER here
if ( !$username || $username !== $originUsername) {
$this->removeAuthorization();
}
}