Logged out user if key is invalid
parent
ac66abbd21
commit
1be8efccb3
2 changed files with 40 additions and 1 deletions
9
auth.php
9
auth.php
|
@ -148,7 +148,14 @@ class auth_plugin_userkey extends auth_plugin_base {
|
|||
$redirecturl = $CFG->wwwroot;
|
||||
}
|
||||
|
||||
$key = $this->userkeymanager->validate_key($keyvalue);
|
||||
try {
|
||||
$key = $this->userkeymanager->validate_key($keyvalue);
|
||||
} catch (moodle_exception $exception) {
|
||||
if (isloggedin()) {
|
||||
require_logout();
|
||||
}
|
||||
print_error($exception->errorcode);
|
||||
}
|
||||
|
||||
if (isloggedin()) {
|
||||
if ($SESSION->userid != $key->userid) {
|
||||
|
|
|
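Review bot: In the new catch block, `print_error($exception->errorcode);` forwards only the error code, so the module, the `$a` parameter and the debug info carried by the caught `moodle_exception` are dropped and the string is looked up in the default error component. If `validate_key()` throws with another component, the user may see the wrong or a missing message (this cannot be checked from the hunk). Re-raising after the logout keeps the full context: `throw $exception;`. The catch also matches every `moodle_exception` subclass, so a failure unrelated to the key (for example a database error inside `validate_key()`) would presumably end the session as well; a short comment stating whether that is intended would help. The enclosing method starts and ends outside the hunk.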
@ -1021,4 +1021,36 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that authorised user gets logged out when trying to logged in with invalid key.
|
||||
*/
|
||||
public function test_if_invalid_key_authorised_user_gets_logged_out() {
|
||||
global $DB, $USER, $SESSION;
|
||||
|
||||
$user = $this->getDataGenerator()->create_user();
|
||||
$this->setUser($user);
|
||||
$this->assertEquals($USER->id, $user->id);
|
||||
|
||||
$key = new stdClass();
|
||||
$key->value = 'UserLogin';
|
||||
$key->script = 'auth/userkey';
|
||||
$key->userid = $this->user->id;
|
||||
$key->instance = $this->user->id;
|
||||
$key->iprestriction = null;
|
||||
$key->validuntil = time() + 300;
|
||||
$key->timecreated = time();
|
||||
$DB->insert_record('user_private_key', $key);
|
||||
|
||||
$_POST['key'] = 'Incorrect Key';
|
||||
|
||||
try {
|
||||
// Using @ is the only way to test this. Thanks moodle!
|
||||
@$this->auth->user_login_userkey();
|
||||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals('Incorrect key', $e->getMessage());
|
||||
$this->assertEmpty($USER->id);
|
||||
$this->assertEquals(new stdClass(), $SESSION);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
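Review bot: The three assertions in `test_if_invalid_key_authorised_user_gets_logged_out()` sit only inside the `catch` block, so the test passes without checking anything if `user_login_userkey()` returns normally. Add `$this->fail('moodle_exception expected for an invalid key');` directly after the call inside the `try`, so a missing exception is reported as a failure. The key record is created for `$this->user` while the logged-in user is the local `$user`; if that is deliberate, a one-line comment would make it clear. `$_POST['key']` also stays set after the test unless it is reset somewhere outside this hunk.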