Don't expose username when not logged in

2025-04-29 09:39:57 +00:00 · 2018-05-12 14:56:51 +02:00 · 2018-05-12 14:56:51 +02:00 · ab8094e1c0
commit ab8094e1c0
parent bbb5f1c7c7
2 changed files with 5 additions and 2 deletions
--- a/middleware/SessionAuthMiddleware.php
+++ b/middleware/SessionAuthMiddleware.php
@ -21,6 +21,7 @@ class SessionAuthMiddleware extends BaseMiddleware

 		if ($routeName === 'root' || $this->ApplicationService->IsDemoInstallation())
 		{
+			define('AUTHENTICATED', $this->ApplicationService->IsDemoInstallation());
 			$response = $next($request, $response);
 		}
 		else
@ -28,10 +29,12 @@ class SessionAuthMiddleware extends BaseMiddleware
 			$sessionService = new SessionService();
 			if ((!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName])) && $routeName !== 'login')
 			{
+				define('AUTHENTICATED', false);
 				$response = $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl('/login'));
 			}
 			else
 			{
+				define('AUTHENTICATED', $routeName !== 'login');
 				$response = $next($request, $response);
 			}
 		}
--- a/views/components/usermenu.blade.php
+++ b/views/components/usermenu.blade.php
@ -1,11 +1,11 @@
 <ul class="nav navbar-nav navbar-right">
 	<li class="dropdown">
-		<a href="#" class="dropdown-toggle" data-toggle="dropdown">{{ HTTP_USER }} <span class="caret"></span></a>
+		<a href="#" class="dropdown-toggle" data-toggle="dropdown">@if(AUTHENTICATED === true){{ HTTP_USER }}@endif <span class="caret"></span></a>
 		<ul class="dropdown-menu">
 			<li>
 				<a class="discrete-link logout-button" href="{{ $U('/logout') }}"><i class="fa fa-sign-out fa-fw"></i>&nbsp;{{ $L('Logout') }}</a>
 			</li>
-			<li role="separator" class="divider"></li>
+			<li class="divider logout-button"></li>
 			<li>
 				<a class="discrete-link" href="{{ $U('/manageapikeys') }}"><i class="fa fa-handshake-o fa-fw"></i>&nbsp;{{ $L('Manage API keys') }}</a>
 			</li>