KumiSystems/moodle-auth_jwt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixes when session already exist

Browse source 
When loggin in, if session already exist, the login is attached to the
old user/session.
Logout if current session userid doesn't match with loginurl key userid
and retry the login.
This commit is contained in:
Jorge Humberto Sanchez Jimenez 2019-06-13 12:13:51 -05:00 committed by Dmitrii Metelkin
parent 291f2a04c4
commit e847890304
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
auth.php
View file

@ -137,7 +137,7 @@ class auth_plugin_userkey extends auth_plugin_base {
* @throws \moodle_exception If something went wrong. * @throws \moodle_exception If something went wrong.
*/ */
public function user_login_userkey() { public function user_login_userkey() {
global $SESSION, $CFG; global $SESSION, $CFG, $PAGE;
$keyvalue = required_param('key', PARAM_ALPHANUM); $keyvalue = required_param('key', PARAM_ALPHANUM);
$wantsurl = optional_param('wantsurl', '', PARAM_URL); $wantsurl = optional_param('wantsurl', '', PARAM_URL);
@ -148,11 +148,15 @@ class auth_plugin_userkey extends auth_plugin_base {
$redirecturl = $CFG->wwwroot; $redirecturl = $CFG->wwwroot;
} }
$key = $this->userkeymanager->validate_key($keyvalue);
if (isloggedin()) { if (isloggedin()) {
$this->redirect($redirecturl); if ($SESSION->userid != $key->userid) {
require_logout();
$this->redirect($PAGE->url); // login url retry
}
} }
$key = $this->userkeymanager->validate_key($keyvalue);
$this->userkeymanager->delete_keys($key->userid); $this->userkeymanager->delete_keys($key->userid);
$user = get_complete_user_data('id', $key->userid); $user = get_complete_user_data('id', $key->userid);