
Commit dcafe20

author
Jared Hancock
committed
Users can visit more than one ticket via link
Previously, once a client was authenticated to the system with an email link, the user could utilize other email links to other tickets; however, the same ticket page would be presented to the user regardless of which link was utilized. This patch allows the ticket in focus for the user to be changed after visiting the client portal with a different ticket link.
1 parent 3eac4a8 commit dcafe20


2 files changed

+21
-9
lines changed


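--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -599,15 +599,8 @@ function login($user, $bk) {
 throw new AccessDenied('Account is administratively locked');
 }
 
-//Tag the authkey.
-$authkey = $bk::$id.':'.$authkey;
-
-//Set the session goodies
-$authsession = &$_SESSION['_auth']['user'];
-
-$authsession = array(); //clear.
-$authsession['id'] = $user->getId();
-$authsession['key'] = $authkey;
+// Tag the user and associated ticket in the SESSION
+$this->setAuthKey($user, $bk, $authkey);
 
 //The backend used decides the format of the auth key.
 // XXX: encrypt to hide the bk??
@@ -631,6 +624,20 @@ function login($user, $bk) {
 return true;
 }
 
+function setAuthKey($user, $bk, $key=false) {
+$authkey = $key ?: $bk->getAuthKey($user);
+
+//Tag the authkey.
+$authkey = $bk::$id.':'.$authkey;
+
+//Set the session goodies
+$authsession = &$_SESSION['_auth']['user'];
+
+$authsession = array(); //clear.
+$authsession['id'] = $user->getId();
+$authsession['key'] = $authkey;
+}
+
 function authenticate($username, $password) {
 return false;
 }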
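Review bot: After the first hunk, `login()` no longer tags its own `$authkey`: the `$bk::$id.':'` prefix is now applied only to the local copy inside `setAuthKey()`, so any code in `login()` past the end of the hunk that still reads `$authkey` (the context comment "The backend used decides the format of the auth key" suggests there is some) would see the untagged value while the session holds the tagged one. `login()` continues outside the hunk, so this needs checking there; one way to keep both in step is to end `setAuthKey()` with `return $authkey;` and call it as `$authkey = $this->setAuthKey($user, $bk, $authkey);`. The new method also has no docblock, and `$key ?: …` treats an empty or `'0'` key as absent; a comment stating that it replaces `$_SESSION['_auth']['user']` wholesale and that `$bk` is expected to be the backend itself would help callers such as view.php.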

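--- a/view.php
+++ b/view.php
@@ -23,6 +23,11 @@
 && ($u = TicketUser::lookupByToken($_GET['auth']))
 && ($u->getUserId() == $thisclient->getId())
 ) {
+// Switch auth keys ? (Otherwise the user can never use links for two
+// different tickets)
+if (($bk = $thisclient->getAuthBackend()) instanceof AuthTokenAuthentication) {
+$bk->setAuthKey($u, $bk);
+}
 Http::redirect('tickets.php?id='.$u->getTicketId());
 }
 // Try autologin the user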
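Review bot: The added block rewrites the session's auth key from a token taken from `$_GET['auth']`, and the only authorization for it is the `getUserId() == getId()` comparison in the enclosing condition, which begins outside the hunk. As shown in include/class.auth.php, `setAuthKey()` only replaces `$_SESSION['_auth']['user']`; it does not repeat the checks `login()` makes before it (for example the 'administratively locked' check) or whatever `login()` does after it, so the switch presumably leaves any per-user session state derived from the old key untouched. I would record that assumption at the call site, e.g. `// Safe only because $u was matched to the already-authenticated client above; setAuthKey() skips login() checks`, and consider logging the switch so that ticket changes within a session can be audited.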
