Permalink
Browse files

Revert "MDL-36838 moodle->mahara mnet SSO failure in FF17"

Firefox have now decided to reverse their UA change (since integration)
and this patch has some minor drawbacks.

This reverts commit b5a0e3b.
  • Loading branch information...
1 parent 4254759 commit 20f39d0f9809ed1c9cd3be835f589016c82d19a7 @danpoltawski danpoltawski committed Nov 30, 2012
Showing with 6 additions and 6 deletions.
  1. +6 −6 auth/mnet/auth.php
View
@@ -46,18 +46,18 @@ function user_login($username, $password) {
}
/**
- * Return user data for the provided token
+ * Return user data for the provided token, compare with user_agent string.
*
* @param string $token The unique ID provided by remotehost.
- * @param string $UA User Agent string (as seen by SP) - ignored
+ * @param string $UA User Agent string.
* @return array $userdata Array of user info for remote host
*/
function user_authorise($token, $useragent) {
global $CFG, $SITE, $DB;
$remoteclient = get_mnet_remote_client();
require_once $CFG->dirroot . '/mnet/xmlrpc/serverlib.php';
- $mnet_session = $DB->get_record('mnet_session', array('token'=>$token));
+ $mnet_session = $DB->get_record('mnet_session', array('token'=>$token, 'useragent'=>$useragent));
if (empty($mnet_session)) {
throw new mnet_server_exception(1, 'authfail_nosessionexists');
}
@@ -1082,14 +1082,14 @@ function kill_children($username, $useragent) {
* calls the function (over xmlrpc) provides us with the mnethostid we need.
*
* @param string $username Username for session to kill
- * @param string $useragent SHA1 hash of user agent as seen by IdP - ignored
+ * @param string $useragent SHA1 hash of user agent to look for
* @return bool True on success
*/
function kill_child($username, $useragent) {
global $CFG, $DB;
$remoteclient = get_mnet_remote_client();
- $session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id));
- $DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id));
+ $session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
+ $DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
if (false != $session) {
session_kill($session->session_id);
return true;

0 comments on commit 20f39d0

Please sign in to comment.