From 991f8df66193d156581ea7101472d22920c40e52 Mon Sep 17 00:00:00 2001
From: Adam Lavin
Date: Fri, 1 Jan 2016 20:55:00 +0000
Subject: [PATCH] Security: Fix auth.outh2 generating a user session

If you are logged out of Pony.fm, made a request to an endpoint using this middleware in the browser with an access token with the appropriate scope, then went back to Pony.fm, you'd be logged in as the owner of the access token.
---
 app/Http/Middleware/AuthenticateOAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Middleware/AuthenticateOAuth.php b/app/Http/Middleware/AuthenticateOAuth.php
index 34ea5a8e..d92cd01b 100644
--- a/app/Http/Middleware/AuthenticateOAuth.php
+++ b/app/Http/Middleware/AuthenticateOAuth.php
@@ -70,7 +70,7 @@ class AuthenticateOAuth
 $poniverseUser = $this->poniverse->getUser();
 $user = User::findOrCreate($poniverseUser['username'], $poniverseUser['display_name'], $poniverseUser['email']);
- Auth::login($user);
+ Auth::onceUsingId($user);
 return $next($request);
 }
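Review bot: The added line passes the `User` model returned by `findOrCreate` to `Auth::onceUsingId`, but that guard method takes the user's primary key and re-resolves it through the user provider, so as written it most likely resolves nothing and the request continues to `$next($request)` with no authenticated user rather than as the token owner. Pass the key, `Auth::onceUsingId($user->id)`, or preferably `Auth::setUser($user)`, which attaches the already-loaded model for this request only, without a second lookup and without touching the session, which is exactly the property this commit is after. In either form the result should not be ignored: `if (! Auth::onceUsingId($user->id)) { abort(401); }` (or the rejection path this middleware uses elsewhere) keeps a failed lookup from falling through as an unauthenticated request. The enclosing method begins before this hunk, so the token and scope checks that precede this block are not visible here.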