Treat PHP Errors on User session regenerate
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
remove unnecessary lines…
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
change PHP errors to ErrorException in the session (PHP >=7)
Otherwise it might be that authentication apps are being disabled on
during operation while in fact the session handler has hiccup.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This is a hacky way to allow the use case of #1303.
What happens is
1. User tries to login
2. PreLoginHook kicks in and figures out that the user need to change
their LDAP password or whatever => redirects user
3. While loading the redirect some logic of ours kicks in and logouts
the user (thus clearing the session).
4. We render the new page but now the session and the page disagree
about the CSRF token
This is kind of hacky but I don't think it introduces new attack
vectors.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Lukas Reschke
Arthur Schiwon
Victor Dubiniuk
Roeland Jago Douma
Joas Schilling
Lukas Reschke
Christoph Wurst
Roeland Jago Douma