Always set Auth interface in DI to the correct plugin's Auth implementation (#13279)

* Make sure Auth interface is always set even if session auth succeeds.

* Add failing test.

* Fix FrontControllerTest

* Put hash token authentication back since it is still in use in plugins.

1 files changed, 14 insertions, 2 deletions

diff --git a/core/Session/SessionAuth.php b/core/Session/SessionAuth.php
index 9a0c47f258..0c23f13cc2 100644
--- a/core/Session/SessionAuth.php
+++ b/core/Session/SessionAuth.php
@@ -34,6 +34,13 @@ class SessionAuth implements Auth
      */
     private $userModel;
 
+    /**
+     * Set internally so it can be queried in FrontController.
+     *
+     * @var string
+     */
+    private $user;
+
     public function __construct(UsersModel $userModel = null, $shouldDestroySession = true)
     {
         $this->userModel = $userModel ?: new UsersModel();
@@ -52,7 +59,7 @@ class SessionAuth implements Auth
 
     public function getLogin()
     {
-        // empty
+        return $this->user['login'];
     }
 
     public function getTokenAuthSecret()
@@ -129,7 +136,7 @@ class SessionAuth implements Auth
 
     private function makeAuthSuccess($user)
     {
-        $this->setTokenAuth($user['token_auth']);
+        $this->user = $user;
 
         $isSuperUser = (int) $user['superuser_access'];
         $code = $isSuperUser ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
@@ -165,4 +172,9 @@ class SessionAuth implements Auth
             Session::regenerateId();
         }
     }
+
+    public function getTokenAuth()
+    {
+        return $this->user['token_auth'];
+    }
 }