Commit 299de1e0 authored by Cyril Vazquez's avatar Cyril Vazquez

Merge branch 'hotfix/2.3.9_TempAuth_CSRF' into 'master'

Hotfix/2.3.9 temp auth csrf

See merge request !224
parents f2c947b0 c0b929d0
......@@ -50,7 +50,6 @@ class userAccount
$this->passwordEncryption = $passwordEncryption;
$this->securityPolicy = $securityPolicy;
$this->adminUsers = $adminUsers;
$this->currentAccount = \laabs::getToken('AUTH');
}
/**
......@@ -493,7 +492,7 @@ class userAccount
return false;
}
$accountToken = $this->currentAccount;
$accountToken = \laabs::getToken('AUTH');
if (!$accountToken) {
$userPrivileges = \laabs::configuration('auth')['publicUserStory'];
......
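Review bot: With the assignment dropped from the constructor, `$this->currentAccount` is never set by the code visible here, so any method outside these two hunks that still reads it would see an unset property and, in a check shaped like `if (!$accountToken)`, treat an authenticated caller as having no token. Only the read in the second hunk is visibly converted to `\laabs::getToken('AUTH')`; the rest of the class is not shown, so this needs a search for remaining uses, and the property declaration should go if none are left. A short comment at the new call would record why the token is now read per call, for example `// read the token at call time; it may not be set yet when the controller is constructed` (the reason is inferred from the change, confirm it before adding). The enclosing method starts and ends outside the hunk.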
......@@ -71,6 +71,8 @@ class csrf
$account = $this->getAccount(true);
if (!$account) {
$this->sdoFactory->rollback();
return;
}
$accountTokens = $account->authentication->csrf;
......@@ -145,15 +147,19 @@ class csrf
*
* @return auth/userAccount
*/
private function getAccount($lock=false)
private function getAccount($lock = false)
{
$accountToken = \laabs::getToken('AUTH');
if (!$accountToken) {
return false;
$accountToken = \laabs::getToken('TEMP-AUTH');
if (!$accountToken) {
return false;
}
}
$account = $this->sdoFactory->read('auth/account', $accountToken, $lock);
$account = $this->sdoFactory->read('auth/account', $accountToken->accountId, $lock);
$account->authentication = json_decode($account->authentication);
if (empty($account->authentication)) {
......
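Review bot: In `getAccount()` the new lookup dereferences `$accountToken->accountId` for whichever of the two tokens was found, and the result of `$this->sdoFactory->read(...)` is used on the next line without a check, so a token that lacks `accountId`, or one that refers to an account that no longer exists, is not rejected before `$account->authentication` is accessed (unless `read` throws, which is not visible here). A guard such as `if (empty($accountToken->accountId)) { return false; }` before the read would keep that failure on the same path as a missing token, which the caller in the first hunk already handles with a rollback and return. The fallback also makes a `TEMP-AUTH` session indistinguishable from an `AUTH` one to every caller of this method; the docblock should say so and declare the `false` return, e.g. `@return object|false The account for the AUTH token, or for the TEMP-AUTH token when no AUTH token is present`. The function body continues past the end of the hunk.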