Disable session (and thus enable sudo mode) when authenticating with API token

Toby Zerner 2016-01-02 15:07:33 +10:30
parent 2777162d32
commit d242894938


@ -37,10 +37,10 @@ class AuthenticateWithHeader implements MiddlewareInterface
if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) { if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) {
$id = substr($parts[0], strlen($this->prefix)); $id = substr($parts[0], strlen($this->prefix));
if (isset($parts[1]) && ApiKey::find($id)) { if (isset($parts[1])) {
if (ApiKey::find($id)) {
$actor = $this->getUser($parts[1]); $actor = $this->getUser($parts[1]);
}
$request->getAttribute('session')->set('sudo_expiry', new DateTime);
} elseif ($token = AccessToken::find($id)) { } elseif ($token = AccessToken::find($id)) {
$token->touch(); $token->touch();
@ -49,6 +49,7 @@ class AuthenticateWithHeader implements MiddlewareInterface
if (isset($actor)) { if (isset($actor)) {
$request = $request->withAttribute('actor', $actor); $request = $request->withAttribute('actor', $actor);
$request = $request->withoutAttribute('session');
} }
} }
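Review bot: The `$request = $request->withoutAttribute('session');` line in the second hunk sits in the shared `if (isset($actor))` block, so the session is dropped for every header-authenticated request rather than only for the API-key branch. Going by the commit title, a missing session is what grants sudo mode downstream; if the `AccessToken` branch also sets `$actor` (that assignment falls between the two hunks), ordinary user access tokens would receive the same elevation that the `sudo_expiry` line appears to have reserved for API keys. If that is not intended, move the call next to `$actor = $this->getUser($parts[1]);` inside `if (ApiKey::find($id))`; if it is intended, a comment such as `// No session on header auth: sudo checks treat the request as already elevated` would make the coupling explicit. Separately, a request that carries a second header part with an unknown key id no longer falls through to the `AccessToken::find($id)` lookup, which is worth confirming as deliberate. The enclosing method starts and ends outside the hunks shown.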