mirror of
https://github.com/Poniverse/Pony.fm.git
synced 2024-11-25 22:47:59 +01:00
Security: Fix auth.outh2 generating a user session
If you are logged out of Pony.fm, made a request to an endpoint using this middleware in the browser with an access token with the appropriate scope, then went back to Pony.fm, you'd be logged in as the owner of the access token.
This commit is contained in:
parent
e85b79a9e4
commit
991f8df661
1 changed files with 1 additions and 1 deletions
|
@ -70,7 +70,7 @@ class AuthenticateOAuth
|
|||
$poniverseUser = $this->poniverse->getUser();
|
||||
|
||||
$user = User::findOrCreate($poniverseUser['username'], $poniverseUser['display_name'], $poniverseUser['email']);
|
||||
Auth::login($user);
|
||||
Auth::onceUsingId($user);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue