Commit dcafe20f authored by Jared Hancock's avatar Jared Hancock

Users can visit more than one ticket via link

Previously, once a client was authenticated to the system with an email
link, the user could utilize other email links to other tickets; however,
the same ticket page would be presented to the user regardless of which link
was utilized.

This patch allows the ticket in focus for the user to be changed after
visiting the client portal with a different ticket link.
parent 3eac4a8c
...@@ -599,15 +599,8 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend { ...@@ -599,15 +599,8 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
throw new AccessDenied('Account is administratively locked'); throw new AccessDenied('Account is administratively locked');
} }
//Tag the authkey. // Tag the user and associated ticket in the SESSION
$authkey = $bk::$id.':'.$authkey; $this->setAuthKey($user, $bk, $authkey);
//Set the session goodies
$authsession = &$_SESSION['_auth']['user'];
$authsession = array(); //clear.
$authsession['id'] = $user->getId();
$authsession['key'] = $authkey;
//The backend used decides the format of the auth key. //The backend used decides the format of the auth key.
// XXX: encrypt to hide the bk?? // XXX: encrypt to hide the bk??
...@@ -631,6 +624,20 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend { ...@@ -631,6 +624,20 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
return true; return true;
} }
function setAuthKey($user, $bk, $key=false) {
$authkey = $key ?: $bk->getAuthKey($user);
//Tag the authkey.
$authkey = $bk::$id.':'.$authkey;
//Set the session goodies
$authsession = &$_SESSION['_auth']['user'];
$authsession = array(); //clear.
$authsession['id'] = $user->getId();
$authsession['key'] = $authkey;
}
function authenticate($username, $password) { function authenticate($username, $password) {
return false; return false;
} }
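Review bot: The new `setAuthKey()` is declared without a visibility keyword, so it is public, and it replaces `$_SESSION['_auth']['user']` for whatever `$user` it is given without any check of its own. Because it now binds the session to an identity, it should carry a docblock stating the precondition, for example `/** Bind the session to $user; the caller must already have authenticated $user (login or validated ticket token). */`. Separately, `$key ?: $bk->getAuthKey($user)` treats any falsy key such as `''` or `'0'` as absent; `$key !== false ? $key : $bk->getAuthKey($user)` would match the `$key=false` default exactly, provided no caller relies on the looser behaviour. Whether `login()` rotates the session id around this call cannot be seen here, since its body continues outside the hunk.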
......
...@@ -23,6 +23,11 @@ if ($_GET['auth'] ...@@ -23,6 +23,11 @@ if ($_GET['auth']
&& ($u = TicketUser::lookupByToken($_GET['auth'])) && ($u = TicketUser::lookupByToken($_GET['auth']))
&& ($u->getUserId() == $thisclient->getId()) && ($u->getUserId() == $thisclient->getId())
) { ) {
// Switch auth keys ? (Otherwise the user can never use links for two
// different tickets)
if (($bk = $thisclient->getAuthBackend()) instanceof AuthTokenAuthentication) {
$bk->setAuthKey($u, $bk);
}
Http::redirect('tickets.php?id='.$u->getTicketId()); Http::redirect('tickets.php?id='.$u->getTicketId());
} }
// Try autologin the user // Try autologin the user
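Review bot: The added `$bk->setAuthKey($u, $bk)` writes `$u->getId()` into the session, while the guard just above it compares `$u->getUserId()` with `$thisclient->getId()`. If those two accessors on `TicketUser` can return different values, the session would be re-bound to an id that was never compared, so it is worth confirming they agree or passing the object whose id was checked. That guard is also the only thing standing between a `$_GET['auth']` token and a rewrite of the session's auth key, and it uses loose `==`; a strict form such as `(int) $u->getUserId() === (int) $thisclient->getId()` would rule out type-juggling matches, assuming both ids are integers. The `if` condition begins outside the hunk, so any earlier checks on `$thisclient` are not visible here.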
......