author | diosmosis <diosmosis@users.noreply.github.com> | 2018-08-17 13:23:56 +0300 |
---|---|---|
committer | Matthieu Aubry <mattab@users.noreply.github.com> | 2018-08-17 13:23:56 +0300 |
commit | a7216adb43c8242b64863cb072d861f21ddcfb54 (patch) | |
tree | d49b9735218a11460b86636c8c17e60504274df1 /plugins/Login | |
parent | 7b584f9a788fd044d886c18d699d0bf778c63e6b (diff) |
Always set Auth interface in DI to the correct plugin's Auth implementation (#13279)
* Make sure Auth interface is always set even if session auth succeeds.
* Add failing test.
* Fix FrontControllerTest
* Put hash token authentication back since it is still in use in plugins.
Diffstat (limited to 'plugins/Login')
-rw-r--r-- | plugins/Login/Auth.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php
index ab827bf12c..7c3c2bb700 100644
--- a/plugins/Login/Auth.php
+++ b/plugins/Login/Auth.php
@@ -102,7 +102,8 @@ class Auth implements \Piwik\Auth
 if (!empty($user['token_auth'])
 // authenticate either with the token or the "hash token"
- && $user['token_auth'] === $token
+ && ((SessionInitializer::getHashTokenAuth($login, $user['token_auth']) === $token)
+ || $user['token_auth'] === $token)
 ) {
 return $this->authenticationSuccess($user);
 }
@@ -191,4 +192,10 @@ class Auth implements \Piwik\Auth
 $this->hashedPassword = $passwordHash;
 }
+
+ // for tests
+ public function getTokenAuth()
+ {
+ return $this->token_auth;
+ }
 } |
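Review bot: Both token checks in the widened condition of the first hunk compare a secret with `===`, which is not constant-time, so the duration of the check can depend on how much of the supplied token matches. If the minimum supported PHP version allows it, prefer `hash_equals()` or an equivalent constant-time helper: `&& (hash_equals(SessionInitializer::getHashTokenAuth($login, $user['token_auth']), (string) $token)` and `|| hash_equals($user['token_auth'], (string) $token))`. Re-accepting the hash token also means a second value works as a credential for the same user, so the comment above the condition should record that it is kept only because plugins still use it, as the commit message says, to make later removal easy. The enclosing method starts and ends outside the hunk, so where `$login` and `$token` come from is not visible here.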
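Review bot: `getTokenAuth()`, added at the end of the class in the second hunk, is a public accessor for the `token_auth` credential whose only stated purpose is `// for tests`, so any production code holding the Auth object can now read the token. Replace the line comment with a docblock that marks the method `@internal`, states that it returns the token_auth value as stored on the object, and says the value must not be logged or rendered. Alternatively the test could read the property through reflection and the getter could be dropped. Whether other `\Piwik\Auth` implementations expose the same method is not visible in this hunk.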