From 0ce43be9de5bf676ceffa2e419941863f98fa970 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 9 Apr 2017 00:25:04 +0200
Subject: Multi-user token
https://github.com/FreshRSS/FreshRSS/issues/1390
https://github.com/FreshRSS/FreshRSS/issues/366
---
 app/Models/Auth.php | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
(limited to 'app/Models/Auth.php')
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 476627e10..4de058999 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -74,6 +74,10 @@ class FreshRSS_Auth {
 public static function giveAccess() {
 $current_user = Minz_Session::param('currentUser');
 $user_conf = get_user_configuration($current_user);
+ if ($user_conf == null) {
+ self::$login_ok = false;
+ return;
+ }
 $system_conf = Minz_Configuration::get('system');
 switch ($system_conf->auth_type) {
@@ -120,13 +124,28 @@ class FreshRSS_Auth {
 * Removes all accesses for the current user.
 */
 public static function removeAccess() {
- Minz_Session::_param('loginOk');
 self::$login_ok = false;
- $conf = Minz_Configuration::get('system');
- Minz_Session::_param('currentUser', $conf->default_user);
+ Minz_Session::_param('loginOk');
 Minz_Session::_param('csrf');
+ $system_conf = Minz_Configuration::get('system');
- switch ($conf->auth_type) {
+ $username = '';
+ $token_param = Minz_Request::param('token', '');
+ if ($token_param != '') {
+ $username = trim(Minz_Request::param('user', ''));
+ if ($username != '') {
+ $conf = get_user_configuration($username);
+ if ($conf == null) {
+ $username = '';
+ }
+ }
+ }
+ if ($username == '') {
+ $username = $system_conf->default_user;
+ }
+ Minz_Session::_param('currentUser', $username);
+
+ switch ($system_conf->auth_type) {
 case 'form':
 Minz_Session::_param('passwordHash');
 FreshRSS_FormAuth::deleteCookie();
--
cgit v1.2.3
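Review bot: The early return added to giveAccess resets only the static `self::$login_ok`; the session's `loginOk` value, which removeAccess in this same patch clears with `Minz_Session::_param('loginOk')`, is left untouched. If the rest of giveAccess (outside this hunk) is what normally writes that session value, a session whose user configuration has disappeared could keep a stale flag, so consider adding `Minz_Session::_param('loginOk');` before the return. If callers use the return value, `return false;` would be clearer than a bare `return;`, and `$user_conf === null` would state the intended check exactly.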
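Review bot: In removeAccess the new block takes `currentUser` from the `user` request parameter as soon as `token` is non-empty; the token's value is not compared with anything in this hunk, so the only gate visible here is that a configuration exists for that name. If the token is verified later (the switch and the rest of the request handling lie outside this hunk), say so at this spot, e.g. `// token is not verified here; it is checked against this user's configuration in <PLACEHOLDER: where the token is checked>`. The name also reaches `get_user_configuration($username)` after nothing but `trim()`, so if that helper derives a file path from it, the name should pass the project's username validation first. The function body continues past the end of the hunk.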