Logged out user if key is invalid

Dmitrii Metelkin 2019-11-16 23:59:16 +11:00
parent ac66abbd21
commit 1be8efccb3
2 changed files with 40 additions and 1 deletions


@ -148,7 +148,14 @@ class auth_plugin_userkey extends auth_plugin_base {
$redirecturl = $CFG->wwwroot;
}
try {
$key = $this->userkeymanager->validate_key($keyvalue);
} catch (moodle_exception $exception) {
if (isloggedin()) {
require_logout();
}
print_error($exception->errorcode);
}
if (isloggedin()) {
if ($SESSION->userid != $key->userid) {
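Review bot: The catch block re-raises through `print_error($exception->errorcode)`, which forwards only the error code, so the component, placeholder data and debug info carried by the original exception are dropped, and an error string defined outside the core error file may not resolve. After the `require_logout()` branch I would re-raise the original with `throw $exception;`. Any request that reaches this path with a bad key now ends an existing session, so a comment such as `// Invalid key: end any existing session so the browser never stays signed in as a different user.` would record that this is deliberate. It is also worth confirming that a logout triggered by a request parameter alone is acceptable here. The enclosing method starts and ends outside the hunk.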


@ -1021,4 +1021,36 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
}
}
/**
* Test that authorised user gets logged out when trying to logged in with invalid key.
*/
public function test_if_invalid_key_authorised_user_gets_logged_out() {
global $DB, $USER, $SESSION;
$user = $this->getDataGenerator()->create_user();
$this->setUser($user);
$this->assertEquals($USER->id, $user->id);
$key = new stdClass();
$key->value = 'UserLogin';
$key->script = 'auth/userkey';
$key->userid = $this->user->id;
$key->instance = $this->user->id;
$key->iprestriction = null;
$key->validuntil = time() + 300;
$key->timecreated = time();
$DB->insert_record('user_private_key', $key);
$_POST['key'] = 'Incorrect Key';
try {
// Using @ is the only way to test this. Thanks moodle!
@$this->auth->user_login_userkey();
} catch (moodle_exception $e) {
$this->assertEquals('Incorrect key', $e->getMessage());
$this->assertEmpty($USER->id);
$this->assertEquals(new stdClass(), $SESSION);
}
}
}
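Review bot: Every assertion in `test_if_invalid_key_authorised_user_gets_logged_out` sits inside the `catch` block, so the test passes without checking anything if `user_login_userkey()` returns without throwing. Add `$this->fail('Expected moodle_exception for an invalid key');` directly after the call inside the `try`, so a missing exception fails the test. The stored key is created for `$this->user` while the session is set up for the local `$user`; if the two are meant to be the same account, using one of them throughout would make the scenario easier to read. The docblock would also read better as "logged out when trying to log in with an invalid key".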