In https://github.com/driebit/ginger/blob/master/modules/mod_ginger_base/controllers/controller_auth.erl#L100 the function claims to return some identity information for a user with id `Id`. In fact it is returning the identity with id `Id`, which probably belongs to a completely different user (and might even contain secrets that shouldn't be shared).

Besides that, this controller authenticates a user by setting internal Zotonic properties in the session. This bypasses the `z_auth:logon_pw/2` or `z_auth:logon/2` routines.

The internal routines should be called, as they enable observers to hook into the login process and correctly initialize the session and/or set cookies (an example is the device-id for rate limiting).
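
The id mix-up reported above, as an added illustration that is not code from Ginger or Zotonic: the module, the function names and the row layout are hypothetical, and the sample rows are constructed. It shows a lookup that treats a user id as an identity primary key next to one that filters on the owning user and returns only non-secret fields.

```erlang
%% Added illustration; not Ginger or Zotonic code. All names are hypothetical.
-module(identity_lookup_demo).
-export([by_identity_id/1, public_by_user_id/1, demo/0]).

%% Constructed sample rows: {IdentityId, UserId, Type, Key, Secret}.
%% Identity ids and user ids are separate number spaces that can collide.
rows() ->
    [{1, 7, username_pw, <<"alice">>, <<"constructed-hash-a">>},
     {7, 3, username_pw, <<"bob">>,   <<"constructed-hash-b">>},
     {9, 7, email, <<"alice@example.test">>, undefined}].

%% Pattern from the report: the caller passes a user id, but the value is
%% matched against the identity's own primary key (tuple element 1).
%% The whole row comes back, including the secret column.
by_identity_id(Id) ->
    lists:keyfind(Id, 1, rows()).

%% Intended behaviour: select the identities owned by the user and expose
%% only the non-secret fields.
public_by_user_id(UserId) ->
    [{Type, Key} || {_IdnId, Owner, Type, Key, _Secret} <- rows(),
                    Owner =:= UserId].

demo() ->
    UserId = 7,
    %% User 7 asks for "their" identity and receives the row of user 3,
    %% secret included.
    {7, 3, username_pw, <<"bob">>, <<"constructed-hash-b">>} =
        by_identity_id(UserId),
    %% Filtering on the owner returns only user 7's identities, no secrets.
    [{username_pw, <<"alice">>}, {email, <<"alice@example.test">>}] =
        public_by_user_id(UserId),
    ok.
```

Compile with `erlc identity_lookup_demo.erl` and call `identity_lookup_demo:demo().` in an Erlang shell; it returns `ok` when both pattern matches hold.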