Improve anonymous authentication logic (#8165)

* Improve anonymous authentication logic * forgot to git add * Fix incorrect token check Because an empty parameter could be just passed if token for the user wasn't set: `&token=`
author: Inverle <inverle@proton.me> 2025-12-04 08:46:11 +0100
committer: GitHub <noreply@github.com> 2025-12-04 08:46:11 +0100
commit: 60cf5ea297a17db861e73cd65d7b7862bd6bcc24 (patch)
tree: e1f9a123f79a3f5b449777ea2c17d98ca897adfb /app/Models/Auth.php
parent: 1621f12a15855b3e1b98d58b6e8effe959926b46 (diff)
1 files changed, 2 insertions, 12 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 6bf4a2b3f..ee806d78b 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -170,18 +170,8 @@ class FreshRSS_Auth {
 			'REMOTE_USER' => false,
 		]);
 
-		$username = '';
-		$token_param = Minz_Request::paramString('token');
-		if ($token_param != '') {
-			$username = Minz_Request::paramString('user');
-			if ($username != '') {
-				$conf = FreshRSS_UserConfiguration::getForUser($username);
-				if ($conf == null) {
-					$username = '';
-				}
-			}
-		}
-		if ($username == '') {
+		$username = Minz_Request::paramString('user');
+		if (!Minz_Request::tokenIsOk()) {
 			$username = FreshRSS_Context::systemConf()->default_user;
 		}
 		Minz_User::change($username);
author	Inverle <inverle@proton.me>	2025-12-04 08:46:11 +0100
committer	GitHub <noreply@github.com>	2025-12-04 08:46:11 +0100
commit	60cf5ea297a17db861e73cd65d7b7862bd6bcc24 (patch)
tree	e1f9a123f79a3f5b449777ea2c17d98ca897adfb /app/Models/Auth.php
parent	1621f12a15855b3e1b98d58b6e8effe959926b46 (diff)