Do not request reauthentication from users connected to a third party provider
authorTim Düsterhus <duesterhus@woltlab.com>
Tue, 1 Dec 2020 14:59:00 +0000 (15:59 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Mon, 7 Dec 2020 10:11:12 +0000 (11:11 +0100)
wcfsetup/install/files/lib/system/session/SessionHandler.class.php

index 24a0af976fc6d6362d4a0f572db7299e4dda8cdc..c468e8e7a39cfc74d24c1de4c32ba2ed38e3c04c 100644 (file)
@@ -877,6 +877,11 @@ final class SessionHandler extends SingletonFactory {
                        throw new \BadMethodCallException('The current user is a guest.');
                }
                
+               // Reauthentication for third party authentication is not supported.
+               if ($this->getUser()->authData) {
+                       return false;
+               }
+               
                $data = $this->getVar(self::REAUTHENTICATION_KEY);
                
                // Request a new authentication if no stored information is available.