From 41e35370c23812f6d842c632156eb8f1cf03f4d1 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Mon, 1 Jan 2018 22:11:15 +0100
Subject: [PATCH] Fix login bug when HTTP REMOTE_USER changes

https://github.com/YunoHost-Apps/freshrss_ynh/issues/33
---
 app/Models/Auth.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 4de058999205..32b673b6d3b0 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -13,6 +13,11 @@ class FreshRSS_Auth {
 	 * This method initializes authentication system.
 	 */
 	public static function init() {
+		if (Minz_Session::param('REMOTE_USER', '') !== httpAuthUser()) {
+			//HTTP REMOTE_USER has changed
+			self::removeAccess();
+		}
+
 		self::$login_ok = Minz_Session::param('loginOk', false);
 		$current_user = Minz_Session::param('currentUser', '');
 		if ($current_user === '') {
@@ -58,6 +63,7 @@ private static function accessControl() {
 			$login_ok = $current_user != '';
 			if ($login_ok) {
 				Minz_Session::_param('currentUser', $current_user);
+				Minz_Session::_param('REMOTE_USER', $current_user);
 			}
 			return $login_ok;
 		case 'none':