Don't rely on

This commit is contained in:
Dmitrii Metelkin 2019-11-17 00:42:44 +11:00
parent 1f8860f189
commit acb3ffd66d
2 changed files with 11 additions and 4 deletions

View file

@ -137,7 +137,7 @@ class auth_plugin_userkey extends auth_plugin_base {
* @throws \moodle_exception If something went wrong.
*/
public function user_login_userkey() {
global $SESSION, $CFG;
global $SESSION, $CFG, $USER;
$keyvalue = required_param('key', PARAM_ALPHANUM);
$wantsurl = optional_param('wantsurl', '', PARAM_URL);
@ -157,8 +157,13 @@ class auth_plugin_userkey extends auth_plugin_base {
print_error($exception->errorcode);
}
if (isloggedin() && $SESSION->userid != $key->userid) {
if (isloggedin()) {
if ($USER->id != $key->userid) {
require_logout();
} else {
$this->userkeymanager->delete_keys($key->userid);
$this->redirect($redirecturl);
}
}
$this->userkeymanager->delete_keys($key->userid);

View file

@ -1080,7 +1080,9 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
} catch (moodle_exception $e) {
$this->assertEquals($this->user->id, $USER->id);
$this->assertSame(sesskey(), $USER->sesskey);
$this->assertObjectHasAttribute('userkey', $SESSION);
$this->assertObjectNotHasAttribute('userkey', $SESSION);
$keyexists = $DB->record_exists('user_private_key', array('value' => 'UserLogin'));
$this->assertFalse($keyexists);
}
}