Skip to content
Snippets Groups Projects
Commit 9dcc824b authored by Vladimir Davydov's avatar Vladimir Davydov Committed by Vladimir Davydov
Browse files

box: ensure requested auth method matches user's 

After checking that the received authentication method and type are
compatible with auth_request_check(), authenticate() tries to
authenticate it using the user's authentication method with
authenticate_request(). The problem is the user may use a different
authenticate method from the one received in the request while
authenticate_request() expects the request to be valid. As a result,
it may crash in this case. Fix this by ensuring that the user's
authentication method matches the one received in the request.

Follow-up commit b5754d3f ("box: make auth subsystem pluggable")
Follow-up #7986

NO_DOC=bug fix
NO_CHANGELOG=unreleased
NO_TEST=will be added to EE, because CE supports just one auth method
parent 2574ff1a
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment