Don't expose username when not logged in

Bernd Bestel
2018-05-12 14:56:51 +02:00
parent bbb5f1c7c7
commit ab8094e1c0
2 changed files with 5 additions and 2 deletions


@@ -21,6 +21,7 @@ class SessionAuthMiddleware extends BaseMiddleware
if ($routeName === 'root' || $this->ApplicationService->IsDemoInstallation())
{
define('AUTHENTICATED', $this->ApplicationService->IsDemoInstallation());
$response = $next($request, $response);
}
else
@@ -28,10 +29,12 @@ class SessionAuthMiddleware extends BaseMiddleware
$sessionService = new SessionService();
if ((!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName])) && $routeName !== 'login')
{
define('AUTHENTICATED', false);
$response = $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl('/login'));
}
else
{
define('AUTHENTICATED', $routeName !== 'login');
$response = $next($request, $response);
}
}
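Review bot: The login state is published through a process-wide constant (`define('AUTHENTICATED', …)` in all three branches), which fails open for any code path reached without this middleware having run: on PHP 7 an undefined bare constant evaluates to the non-empty string 'AUTHENTICATED', which is truthy, so a template check such as `if (AUTHENTICATED)` would still render the username. The consumers are not visible here, so this is inferred; they should test `defined('AUTHENTICATED') && AUTHENTICATED === true`, or the middleware could carry the flag on the request instead, e.g. `$request = $request->withAttribute('authenticated', $isAuthenticated);`. `define()` also keeps the first value when called a second time, so the flag would go stale if the middleware ever ran twice in one process (tests, sub-requests, a long-running worker). The enclosing method starts and ends outside the hunks shown.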