Fix login bug when HTTP REMOTE_USER changes

YunoHost-Apps/freshrss_ynh#33
javerous · Jan 1, 2018 · 41e3537 · 41e3537
1 parent 95d6fe4
commit 41e3537
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
@@ -13,6 +13,11 @@ class FreshRSS_Auth {
 	 * This method initializes authentication system.
 	 */
 	public static function init() {
+		if (Minz_Session::param('REMOTE_USER', '') !== httpAuthUser()) {
+			//HTTP REMOTE_USER has changed
+			self::removeAccess();
+		}
+
 		self::$login_ok = Minz_Session::param('loginOk', false);
 		$current_user = Minz_Session::param('currentUser', '');
 		if ($current_user === '') {
@@ -58,6 +63,7 @@ private static function accessControl() {
 			$login_ok = $current_user != '';
 			if ($login_ok) {
 				Minz_Session::_param('currentUser', $current_user);
+				Minz_Session::_param('REMOTE_USER', $current_user);
 			}
 			return $login_ok;
 		case 'none':