github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-12-11 21:43:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Disable session (and thus enable sudo mode) when authenticating with API token

Browse Source
This commit is contained in:
Toby Zerner 2016-01-02 15:07:33 +10:30
parent 2777162d32
commit d242894938
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
framework/core/src/Http/Middleware/AuthenticateWithHeader.php
View File

@ -37,10 +37,10 @@ class AuthenticateWithHeader implements MiddlewareInterface
if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) {
$id = substr($parts[0], strlen($this->prefix));
if (isset($parts[1]) && ApiKey::find($id)) {
$actor = $this->getUser($parts[1]);
$request->getAttribute('session')->set('sudo_expiry', new DateTime);
if (isset($parts[1])) {
if (ApiKey::find($id)) {
$actor = $this->getUser($parts[1]);
}
} elseif ($token = AccessToken::find($id)) {
$token->touch();
@ -49,6 +49,7 @@ class AuthenticateWithHeader implements MiddlewareInterface
if (isset($actor)) {
$request = $request->withAttribute('actor', $actor);
$request = $request->withoutAttribute('session');
}
}