From a32fbd25c1e9ee20a0c81d3a42195ba50d377265 Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Wed, 22 Jan 2020 11:02:38 +0100
Subject: [PATCH] FEAT #12951 TIME 0:20 Do not check fake password when sso
 connect

---
 apps/maarch_entreprise/log.php | 1 +
 core/class/class_security.php  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/maarch_entreprise/log.php b/apps/maarch_entreprise/log.php
index 48aa5afb66a..d3bdd15333a 100755
--- a/apps/maarch_entreprise/log.php
+++ b/apps/maarch_entreprise/log.php
@@ -65,6 +65,7 @@ if (isset($_SESSION['web_cas_url'])) {
 } elseif (!empty($_SESSION['sso']['userId'])) {
     $login = $_SESSION['sso']['userId'];
     $_REQUEST['pass'] = 'maarch';
+    $method = 'sso';
 } elseif (isset($_REQUEST['login'])) {
     $login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes');
 } else {
diff --git a/core/class/class_security.php b/core/class/class_security.php
index b8e25ac98d2..e3f275eb497 100755
--- a/core/class/class_security.php
+++ b/core/class/class_security.php
@@ -125,7 +125,7 @@ class security extends Database
         }
 
         $check = \SrcCore\models\AuthenticationModel::authentication(['userId' => $s_login, 'password' => $pass]);
-        if ($check || (in_array($method, ['ldap', 'shibboleth', 'cas']) && $standardConnect == 'false')) {
+        if ($check || (in_array($method, ['ldap', 'shibboleth', 'cas', 'sso']) && $standardConnect == 'false')) {
             $user = $uc->getWithComp($s_login, $comp, $params);
         }
 
-- 
GitLab