From fbebdd6e1c68fef1133886fedc4acfcdc58c66f6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 1 Dec 2020 15:59:00 +0100 Subject: [PATCH] Do not request reauthentication from users connected to a third party provider --- .../files/lib/system/session/SessionHandler.class.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php index 24a0af976f..c468e8e7a3 100644 --- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php +++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php @@ -877,6 +877,11 @@ final class SessionHandler extends SingletonFactory { throw new \BadMethodCallException('The current user is a guest.'); } + // Reauthentication for third party authentication is not supported. + if ($this->getUser()->authData) { + return false; + } + $data = $this->getVar(self::REAUTHENTICATION_KEY); // Request a new authentication if no stored information is available. -- 2.20.1