Revert "MDL-36838 moodle->mahara mnet SSO failure in FF17"

Firefox have now decided to reverse their UA change (since integration) and this patch has some minor drawbacks. This reverts commit b5a0e3b.
moodle · Nov 30, 2012 · 20f39d0 · 20f39d0
1 parent 4254759
commit 20f39d0
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/auth/mnet/auth.php b/auth/mnet/auth.php
@@ -46,18 +46,18 @@ function user_login($username, $password) {
     }
 
     /**
-     * Return user data for the provided token
+     * Return user data for the provided token, compare with user_agent string.
      *
      * @param  string $token    The unique ID provided by remotehost.
-     * @param  string $UA       User Agent string (as seen by SP) - ignored
+     * @param  string $UA       User Agent string.
      * @return array  $userdata Array of user info for remote host
      */
     function user_authorise($token, $useragent) {
         global $CFG, $SITE, $DB;
         $remoteclient = get_mnet_remote_client();
         require_once $CFG->dirroot . '/mnet/xmlrpc/serverlib.php';
 
-        $mnet_session = $DB->get_record('mnet_session', array('token'=>$token));
+        $mnet_session = $DB->get_record('mnet_session', array('token'=>$token, 'useragent'=>$useragent));
         if (empty($mnet_session)) {
             throw new mnet_server_exception(1, 'authfail_nosessionexists');
         }
@@ -1082,14 +1082,14 @@ function kill_children($username, $useragent) {
      * calls the function (over xmlrpc) provides us with the mnethostid we need.
      *
      * @param   string  $username       Username for session to kill
-     * @param   string  $useragent      SHA1 hash of user agent as seen by IdP - ignored
+     * @param   string  $useragent      SHA1 hash of user agent to look for
      * @return  bool                    True on success
      */
     function kill_child($username, $useragent) {
         global $CFG, $DB;
         $remoteclient = get_mnet_remote_client();
-        $session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id));
-        $DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id));
+        $session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
+        $DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
         if (false != $session) {
             session_kill($session->session_id);
             return true;