From f1d3b72f05891e06a20c2fc20fec41b63800a150 Mon Sep 17 00:00:00 2001
From: Eric Lippmann
Date: Thu, 18 Sep 2014 15:20:46 +0200
Subject: [PATCH] autologin: Fix externally-authenticated users still being authenticated after external authentication is disabled

The if condition for revoking authentication if the username changed relied on having the `$_SERVER' variable set which was used for authentication. Authentication is now revoked if the username changed or external authentication is no longer in effect.

refs #6462
---
 library/Icinga/Authentication/Manager.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/library/Icinga/Authentication/Manager.php b/library/Icinga/Authentication/Manager.php
index 76709a13b..efe9b5815 100644
--- a/library/Icinga/Authentication/Manager.php
+++ b/library/Icinga/Authentication/Manager.php
@@ -113,30 +113,32 @@ class Manager
 }
 
 /**
- * Tries to authenticate the user with the current session
+ * Try to authenticate the user with the current session
+ *
+ * Authentication for externally-authenticated users will be revoked if the username changed or external
+ * authentication is no longer in effect
 */
 public function authenticateFromSession()
 {
 $this->user = Session::getSession()->get('user');
-
 if ($this->user !== null && $this->user->isRemoteUser() === true) {
 list($originUsername, $field) = $this->user->getRemoteUserInformation();
- if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername) {
+ if (! array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) {
 $this->removeAuthorization();
 }
 }
 }
 
 /**
- * Returns true when the user is currently authenticated
+ * Whether the user is authenticated
 *
- * @param Boolean $ignoreSession Set to true to prevent authentication by session
+ * @param bool $ignoreSession True to prevent session authentication
 *
 * @return bool
 */
 public function isAuthenticated($ignoreSession = false)
 {
- if ($this->user === null && ! $ignoreSession) {
+ if ($this->user === null && ! $ignoreSession) {
 $this->authenticateFromSession();
 }
 return is_object($this->user);
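Review bot: In authenticateFromSession() the new condition equates "external authentication is no longer in effect" with "`$field` is absent from `$_SERVER`", so a session would presumably survive if the external backend is disabled in the application's configuration while the web server still exports that variable with the same value. If that case matters, the check should also consult whatever setting enables the backend, which is not visible in this hunk; otherwise state the assumption above the condition, e.g. `// Fail closed: revoke unless the web server still reports the same user in $field`. The revocation is also silent, so logging the affected username just before `removeAuthorization()` would give operators an audit trail for forced logouts. The diffstat lists only Manager.php, so a regression test for the missing-key case is still outstanding.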