deon/phpldapadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Only swap in user's credentials if the requested page is not the logout page. This avoids an issue if the user's credentials are changed during their session, they couldnt log out

Browse Source
This commit is contained in:
Deon George 2025-06-09 10:31:25 +10:00
parent 33d96940e6
commit 8602c2b17f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Middleware/SwapinAuthUser.php
View File

@ -29,7 +29,7 @@ class SwapinAuthUser
if (! array_key_exists($key,config('ldap.connections')))
abort(599,sprintf('LDAP default server [%s] configuration doesnt exist?',$key));
if (Session::has('username_encrypt') && Session::has('password_encrypt')) {
if (($request->path() !== 'logout') && Session::has('username_encrypt') && Session::has('password_encrypt')) {
Config::set('ldap.connections.'.$key.'.username',Crypt::decryptString(Session::get('username_encrypt')));
Config::set('ldap.connections.'.$key.'.password',Crypt::decryptString(Session::get('password_encrypt')));