Don't rely on
This commit is contained in:
parent
1f8860f189
commit
acb3ffd66d
2 changed files with 11 additions and 4 deletions
11
auth.php
11
auth.php
|
@ -137,7 +137,7 @@ class auth_plugin_userkey extends auth_plugin_base {
|
||||||
* @throws \moodle_exception If something went wrong.
|
* @throws \moodle_exception If something went wrong.
|
||||||
*/
|
*/
|
||||||
public function user_login_userkey() {
|
public function user_login_userkey() {
|
||||||
global $SESSION, $CFG;
|
global $SESSION, $CFG, $USER;
|
||||||
|
|
||||||
$keyvalue = required_param('key', PARAM_ALPHANUM);
|
$keyvalue = required_param('key', PARAM_ALPHANUM);
|
||||||
$wantsurl = optional_param('wantsurl', '', PARAM_URL);
|
$wantsurl = optional_param('wantsurl', '', PARAM_URL);
|
||||||
|
@ -157,8 +157,13 @@ class auth_plugin_userkey extends auth_plugin_base {
|
||||||
print_error($exception->errorcode);
|
print_error($exception->errorcode);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isloggedin() && $SESSION->userid != $key->userid) {
|
if (isloggedin()) {
|
||||||
require_logout();
|
if ($USER->id != $key->userid) {
|
||||||
|
require_logout();
|
||||||
|
} else {
|
||||||
|
$this->userkeymanager->delete_keys($key->userid);
|
||||||
|
$this->redirect($redirecturl);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->userkeymanager->delete_keys($key->userid);
|
$this->userkeymanager->delete_keys($key->userid);
|
||||||
|
|
|
@ -1080,7 +1080,9 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
|
||||||
} catch (moodle_exception $e) {
|
} catch (moodle_exception $e) {
|
||||||
$this->assertEquals($this->user->id, $USER->id);
|
$this->assertEquals($this->user->id, $USER->id);
|
||||||
$this->assertSame(sesskey(), $USER->sesskey);
|
$this->assertSame(sesskey(), $USER->sesskey);
|
||||||
$this->assertObjectHasAttribute('userkey', $SESSION);
|
$this->assertObjectNotHasAttribute('userkey', $SESSION);
|
||||||
|
$keyexists = $DB->record_exists('user_private_key', array('value' => 'UserLogin'));
|
||||||
|
$this->assertFalse($keyexists);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue