From feed927fd28205b6cf5acb3b6fb1abc8bdd10a28 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 30 Jul 2015 14:50:05 +0200
Subject: [PATCH] Let external auth win over session auth and session auth over
 http auth

refs #9660
---
 library/Icinga/Authentication/Auth.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index 8ff11b091..9b1360a60 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -87,14 +87,13 @@ class Auth
      */
     public function isAuthenticated($ignoreSession = false)
     {
-        if ($this->user === null
-            && ! $this->authHttp()
-            && ! $this->authExternal()
-            && ! $ignoreSession
-        ) {
+        if ($this->user === null && ! $ignoreSession) {
             $this->authenticateFromSession();
         }
-        return $this->user !== null;
+        if ($this->user === null && ! $this->authExternal()) {
+            return $this->authHttp();
+        }
+        return true;
     }
 
     public function setAuthenticated(User $user, $persist = true)