From bb62d566123bfe39e78b3095051d673d5c6e0109 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 9 Jun 2014 10:02:40 -0500
Subject: [PATCH] auth: Consider AccessDenied thrown in SSO process

---
 include/class.auth.php | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/include/class.auth.php b/include/class.auth.php
index 02e8eaf52..f38ddd015 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -243,18 +243,24 @@ abstract class AuthenticationBackend {
             // All backends are queried here, even if they don't support
             // authentication so that extensions like lockouts and audits
             // can be supported.
-            $result = $bk->signOn();
-            if ($result instanceof AuthenticatedUser) {
-                //Perform further Object specific checks and the actual login
-                if (!$bk->login($result, $bk))
-                    continue;
+            try {
+                $result = $bk->signOn();
+                if ($result instanceof AuthenticatedUser) {
+                    //Perform further Object specific checks and the actual login
+                    if (!$bk->login($result, $bk))
+                        continue;
 
-                return $result;
+                    return $result;
+                }
+                elseif ($result instanceof ClientCreateRequest
+                        && $bk instanceof UserAuthenticationBackend)
+                    return $result;
+                elseif ($result instanceof AccessDenied) {
+                    break;
+                }
             }
-            elseif ($result instanceof ClientCreateRequest
-                    && $bk instanceof UserAuthenticationBackend)
-                return $result;
-            elseif ($result instanceof AccessDenied) {
+            catch (AccessDenied $e) {
+                $result = $e;
                 break;
             }
         }
-- 
GitLab