Check for each request that reverse proxy user match user session

Frederic Guillot
2015-10-24 09:30:27 -04:00
parent 9aca556fc6
commit 9129a16337
4 changed files with 18 additions and 3 deletions


@@ -44,7 +44,10 @@ class Authentication extends Base
if ($this->userSession->isLogged()) {
// Check if the user session match an existing user
if (! $this->user->exists($this->userSession->getId())) {
$userNotFound = ! $this->user->exists($this->userSession->getId());
$reverseProxyWrongUser = REVERSE_PROXY_AUTH && $this->backend('reverseProxy')->getUsername() !== $_SESSION['user']['username'];
if ($userNotFound || $reverseProxyWrongUser) {
$this->backend('rememberMe')->destroy($this->userSession->getId());
$this->session->close();
return false;
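Review bot: The new `$reverseProxyWrongUser` comparison reads `$_SESSION['user']['username']` directly, so a logged-in session that lacks that key raises an undefined-index notice before the `!==` ends the session; a guard such as `$sessionUsername = isset($_SESSION['user']['username']) ? $_SESSION['user']['username'] : null;` keeps the fail-closed result without the notice. The comparison is also strict and case-sensitive, so if the proxy header and the stored username can differ in case or surrounding whitespace (what `getUsername()` returns is not visible here), a legitimate user would be logged out on every request. The comment above the check still describes only the existence test; something like `// End the session if the user no longer exists or the reverse proxy now reports a different user` would cover both conditions. The enclosing method starts and ends outside the hunk.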