mirror of https://github.com/MISP/MISP
fix: [Auth] Correctly handle users accounts getting deleted whilst the users are logged in
- deauthed users would end up in a forced loop of having to read the news, creating a new blank user with each page refresh
pull/3751/head
parent
40b1a4a271
commit
c74953a2fc
|
@ -360,6 +360,20 @@ class AppController extends Controller
|
|||
|
||||
if ($this->Session->check(AuthComponent::$sessionKey)) {
|
||||
if ($this->action !== 'checkIfLoggedIn' || $this->request->params['controller'] !== 'users') {
|
||||
$this->User->id = $this->Auth->user('id');
|
||||
if (!$this->User->exists()) {
|
||||
$message = __('Something went wrong. Your user account that you are authenticated with doesn\'t exist anymore.');
|
||||
if ($this->_isRest) {
|
||||
$this->RestResponse->throwException(
|
||||
401,
|
||||
$message
|
||||
);
|
||||
} else {
|
||||
$this->Flash->info($message);
|
||||
}
|
||||
$this->Auth->logout();
|
||||
$this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
|
||||
}
|
||||
if (!empty(Configure::read('MISP.terms_file')) && !$this->Auth->user('termsaccepted') && (!in_array($this->request->here, array($base_dir.'/users/terms', $base_dir.'/users/logout', $base_dir.'/users/login', $base_dir.'/users/downloadTerms')))) {
|
||||
//if ($this->_isRest()) throw new MethodNotAllowedException('You have not accepted the terms of use yet, please log in via the web interface and accept them.');
|
||||
if (!$this->_isRest()) {
|
||||
|
|
|
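Review bot: The added REST check reads `$this->_isRest` as a property, while the unchanged terms-of-use check a few lines below calls `$this->_isRest()` as a method; if no such property is defined (not visible here), the condition is always falsy and API clients whose account was deleted get the flash message and login redirect instead of the 401. Change it to `if ($this->_isRest()) {`. Also, `$this->Auth->logout()` sits after `$this->RestResponse->throwException(...)`, so if that call throws as its name suggests, the session of the deleted account is never cleared on the REST path; moving `$this->Auth->logout();` above the `if` would invalidate it in both branches. The enclosing method starts and ends outside the hunk.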
@ -31,8 +31,10 @@ class NewsController extends AppController
|
|||
}
|
||||
}
|
||||
$this->User->id = $this->Auth->user('id');
|
||||
$this->User->saveField('newsread', time());
|
||||
$this->set('newsItems', $newsItems);
|
||||
//if ($this->User->exists()) {
|
||||
$this->User->saveField('newsread', time());
|
||||
$this->set('newsItems', $newsItems);
|
||||
//}
|
||||
}
|
||||
|
||||
public function add()
|
||||
|
|
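Review bot: The `exists()` guard around `saveField('newsread', time())` is added only as commented-out code (`//if ($this->User->exists()) {` … `//}`), so this action still writes to whatever id the session carries and depends entirely on the check in AppController having run first. Per the commit description that write is what created the blank user rows, so either enable the guard, `if ($this->User->exists()) {`, as defence in depth (for example against an account being deleted between the two calls), or delete the two comment lines so the file does not suggest a check that is not there. If the guard is enabled, `$this->set('newsItems', $newsItems);` should stay outside it so the view is still populated. The enclosing action starts outside the hunk.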