Security: Fix auth.outh2 generating a user session

If you were logged out of Pony.fm, made a request to an endpoint using this middleware in the browser with an access token with the appropriate scope, then went back to Pony.fm, you'd be logged in as the owner of the access token.
Adam Lavin 2016-01-01 20:55:00 +00:00
parent e85b79a9e4
commit 991f8df661

@ -70,7 +70,7 @@ class AuthenticateOAuth
$poniverseUser = $this->poniverse->getUser(); $poniverseUser = $this->poniverse->getUser();
$user = User::findOrCreate($poniverseUser['username'], $poniverseUser['display_name'], $poniverseUser['email']); $user = User::findOrCreate($poniverseUser['username'], $poniverseUser['display_name'], $poniverseUser['email']);
Auth::login($user); Auth::onceUsingId($user);
return $next($request); return $next($request);
} }
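
Review bot: The replacement call `Auth::onceUsingId($user)` passes the whole model returned by `User::findOrCreate(...)` to a method that looks the user up by identifier, and its result is discarded. If the lookup fails, the request proceeds to `$next($request)` with no authenticated user and no error. Pass the key instead, `Auth::onceUsingId($user->id)`, or set the already-loaded model for this request with `Auth::setUser($user)`, and reject the request when authentication does not succeed. A regression test for the behaviour the commit message describes would also help: a request carrying a valid access token should come back without an authenticated session cookie being established.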