Don't rely on
This commit is contained in:
parent
1f8860f189
commit
acb3ffd66d
2 changed files with 11 additions and 4 deletions
9
auth.php
9
auth.php
|
@ -137,7 +137,7 @@ class auth_plugin_userkey extends auth_plugin_base {
|
|||
* @throws \moodle_exception If something went wrong.
|
||||
*/
|
||||
public function user_login_userkey() {
|
||||
global $SESSION, $CFG;
|
||||
global $SESSION, $CFG, $USER;
|
||||
|
||||
$keyvalue = required_param('key', PARAM_ALPHANUM);
|
||||
$wantsurl = optional_param('wantsurl', '', PARAM_URL);
|
||||
|
@ -157,8 +157,13 @@ class auth_plugin_userkey extends auth_plugin_base {
|
|||
print_error($exception->errorcode);
|
||||
}
|
||||
|
||||
if (isloggedin() && $SESSION->userid != $key->userid) {
|
||||
if (isloggedin()) {
|
||||
if ($USER->id != $key->userid) {
|
||||
require_logout();
|
||||
} else {
|
||||
$this->userkeymanager->delete_keys($key->userid);
|
||||
$this->redirect($redirecturl);
|
||||
}
|
||||
}
|
||||
|
||||
$this->userkeymanager->delete_keys($key->userid);
|
||||
|
|
|
@ -1080,7 +1080,9 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
|
|||
} catch (moodle_exception $e) {
|
||||
$this->assertEquals($this->user->id, $USER->id);
|
||||
$this->assertSame(sesskey(), $USER->sesskey);
|
||||
$this->assertObjectHasAttribute('userkey', $SESSION);
|
||||
$this->assertObjectNotHasAttribute('userkey', $SESSION);
|
||||
$keyexists = $DB->record_exists('user_private_key', array('value' => 'UserLogin'));
|
||||
$this->assertFalse($keyexists);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue