PonyMirrors/Pony.fm
1
0
Fork 0
mirror of https://github.com/Poniverse/Pony.fm.git synced 2024-11-22 13:07:59 +01:00
Code Issues Projects Releases Packages Wiki Activity

Security: Fix auth.outh2 generating a user session

Browse source 
If you are logged out of Pony.fm, made a request to an endpoint using this middleware in the browser with an access token with the appropriate scope, then went back to Pony.fm, you'd be logged in as the owner of the access token.
This commit is contained in:
Adam Lavin 2016-01-01 20:55:00 +00:00
parent e85b79a9e4
commit 991f8df661
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/AuthenticateOAuth.php
View file

@ -70,7 +70,7 @@ class AuthenticateOAuth
$poniverseUser = $this->poniverse->getUser();
$user = User::findOrCreate($poniverseUser['username'], $poniverseUser['display_name'], $poniverseUser['email']);
Auth::login($user);
Auth::onceUsingId($user);
return $next($request);
}