Created
January 26, 2016 23:10
RESTful patch: Do not take the anon user as a valid authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
diff --git a/src/Authentication/AuthenticationManager.php b/src/Authentication/AuthenticationManager.php | |
index 460815c..2f0e059 100644 | |
--- a/src/Authentication/AuthenticationManager.php | |
+++ b/src/Authentication/AuthenticationManager.php | |
@@ -96,13 +96,13 @@ class AuthenticationManager implements AuthenticationManagerInterface { | |
$account = NULL; | |
foreach ($this->plugins as $provider) { | |
/* @var \Drupal\restful\Plugin\authentication\AuthenticationInterface $provider */ | |
- if ($provider->applies($request) && $account = $provider->authenticate($request)) { | |
+ if ($provider->applies($request) && ($account = $provider->authenticate($request)) && $account->uid) { | |
// The account has been loaded, we can stop looking. | |
break; | |
} | |
} | |
- if (!$account) { | |
+ if (empty($account->uid)) { | |
if (RestfulManager::isRestfulPath($request) && $this->plugins->count() && !$this->getIsOptional()) { | |
// Allow caching pages for anonymous users. |
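Review bot: After the loop, `$account` can still hold the anonymous user object returned by the last provider that applied, because the added `&& $account->uid` test only prevents the `break` and does not clear the variable. The `empty($account->uid)` guard covers the branch visible here, but any code past the end of this hunk (not shown) that tests `$account` for truthiness would treat that object as a loaded account; consider resetting it with `$account = NULL;` in the loop when the uid is empty, or confirm that every later use checks the uid. The comment `// The account has been loaded, we can stop looking.` no longer matches the condition and would read more accurately as `// A non-anonymous account has been loaded, we can stop looking.`. The enclosing method starts and ends outside the hunk, and the hunk header announces 13 lines while fewer are visible, so the tail of this block could not be reviewed.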