From 60cf5ea297a17db861e73cd65d7b7862bd6bcc24 Mon Sep 17 00:00:00 2001
From: Inverle
Date: Thu, 4 Dec 2025 08:46:11 +0100
Subject: Improve anonymous authentication logic (#8165)
* Improve anonymous authentication logic
* forgot to git add
* Fix incorrect token check Because an empty parameter could be just passed if token for the user wasn't set: `&token=`
---
app/Models/Auth.php | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
(limited to 'app/Models')
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 6bf4a2b3f..ee806d78b 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -170,18 +170,8 @@ class FreshRSS_Auth {
 'REMOTE_USER' => false,
 ]);
- $username = '';
- $token_param = Minz_Request::paramString('token');
- if ($token_param != '') {
- $username = Minz_Request::paramString('user');
- if ($username != '') {
- $conf = FreshRSS_UserConfiguration::getForUser($username);
- if ($conf == null) {
- $username = '';
- }
- }
- }
- if ($username == '') {
+ $username = Minz_Request::paramString('user');
+ if (!Minz_Request::tokenIsOk()) {
 $username = FreshRSS_Context::systemConf()->default_user;
 }
 Minz_User::change($username);
-- cgit v1.2.3
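Review bot: The request-supplied `user` value now reaches `Minz_User::change($username)` whenever `Minz_Request::tokenIsOk()` returns true, so every check the removed lines made here (non-empty token, non-empty user name, an existing configuration for that user) now rests on that helper, which is not shown in this diff (the view is limited to app/Models). Nothing in the hunk shows that tokenIsOk() validates the token against the configuration of the `user` parameter or rejects an empty or unknown name, so a comment above the check such as `// tokenIsOk() must reject empty tokens and empty or unknown user names` would record the contract, and `if ($username === '' || !Minz_Request::tokenIsOk()) {` would keep the empty-name fallback local to this code. It is also worth confirming that the helper compares the token with `hash_equals()` rather than `==`, since this path decides which account an unauthenticated request runs as. The enclosing method starts and ends outside the hunk.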