reorder user JWT update and maint check

HadleySo
2026-03-18 22:25:40 -05:00
parent 5f68295c91
commit 35d9e0060c


@@ -24,9 +24,9 @@ class Header_auth extends CI_Controller {
}
/**
* Authenticate using a trusted request header/JWT token. This endpoint is meant to be called by a reverse proxy that sits in front of Wavelog and handles the actual authentication (e.g. OAuth2 Proxy, Apache mod_auth_oidc, etc.).
* Authenticate using a JWT from a trusted request header. This endpoint is meant to be called by a reverse proxy that sits in front of Wavelog and handles the actual authentication (e.g. OAuth2 Proxy, Apache mod_auth_oidc, etc.).
* The reverse proxy validates the user's session and forwards a JWT access token containing the user's identity and claims in a trusted HTTP header. This method decodes the token, verifies it, extracts the user information
* and logs the user in. Depending on configuration, it can also automatically create a local user account if one does not exist.
* and logs the user in. Depending on configuration, it can also automatically create a local user account if one does not exist, and update existing user data.
*
* For more information check out the documentation: https://docs.wavelog.org/admin-guide/configuration/third-party-authentication
*/
@@ -99,9 +99,6 @@ class Header_auth extends CI_Controller {
$user = $query->row();
// Update fields from JWT claims where override_on_update is enabled
$this->_update_user_from_claims($user->user_id, $mapped);
// Prevent clubstation direct login via header (mirrors User::login)
if (!empty($user->clubstation) && $user->clubstation == 1) {
$this->_sso_error(__("You can't login to a clubstation directly. Use your personal account instead."));
@@ -112,6 +109,15 @@ class Header_auth extends CI_Controller {
$this->_sso_error(__("Sorry. This instance is currently in maintenance mode. Only administrators are currently allowed to log in."));
}
// Check if club station before update
// Don't update fields in maintenance mode
if (ENVIRONMENT !== 'maintenance') {
// Update fields from JWT claims where override_on_update is enabled
$this->_update_user_from_claims($user->user_id, $mapped);
}
// Establish session
$this->user_model->update_session($user->user_id);
$this->user_model->set_last_seen($user->user_id);
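Review bot: Moving `_update_user_from_claims()` below the clubstation and maintenance rejections only protects anything if `_sso_error()` ends the request. The maintenance branch shows no `return` between `_sso_error(...)` and its closing brace, and the body of `_sso_error()` is outside this hunk. If it does not exit, add `return;` after each `_sso_error(...)` call so a rejected header login can neither write claim data nor reach `update_session()`. The added comment `// Check if club station before update` sits above the maintenance guard and describes no code beneath it; I would replace it with `// Clubstation and maintenance checks have passed; claim updates are skipped while in maintenance mode`. The enclosing method starts and ends outside the visible hunks.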