Always set Auth interface in DI to the correct plugin's Auth implementation (#13279)

* Make sure Auth interface is always set even if session auth succeeds. * Add failing test. * Fix FrontControllerTest * Put hash token authentication back since it is still in use in plugins.
author: diosmosis <diosmosis@users.noreply.github.com> 2018-08-17 13:23:56 +0300
committer: Matthieu Aubry <mattab@users.noreply.github.com> 2018-08-17 13:23:56 +0300
commit: a7216adb43c8242b64863cb072d861f21ddcfb54 (patch)
tree: d49b9735218a11460b86636c8c17e60504274df1 /plugins/Login
parent: 7b584f9a788fd044d886c18d699d0bf778c63e6b (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php
index ab827bf12c..7c3c2bb700 100644
--- a/plugins/Login/Auth.php
+++ b/plugins/Login/Auth.php
@@ -102,7 +102,8 @@ class Auth implements \Piwik\Auth
 
         if (!empty($user['token_auth'])
             // authenticate either with the token or the "hash token"
-            && $user['token_auth'] === $token
+            && ((SessionInitializer::getHashTokenAuth($login, $user['token_auth']) === $token)
+                || $user['token_auth'] === $token)
         ) {
             return $this->authenticationSuccess($user);
         }
@@ -191,4 +192,10 @@ class Auth implements \Piwik\Auth
 
         $this->hashedPassword = $passwordHash;
     }
+
+    // for tests
+    public function getTokenAuth()
+    {
+        return $this->token_auth;
+    }
 }
author	diosmosis <diosmosis@users.noreply.github.com>	2018-08-17 13:23:56 +0300
committer	Matthieu Aubry <mattab@users.noreply.github.com>	2018-08-17 13:23:56 +0300
commit	a7216adb43c8242b64863cb072d861f21ddcfb54 (patch)
tree	d49b9735218a11460b86636c8c17e60504274df1 /plugins/Login
parent	7b584f9a788fd044d886c18d699d0bf778c63e6b (diff)