From a23f983dddd365a588febad96f00b876ff5e8453 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 30 May 2013 17:15:39 +0000
Subject: Added support for automatic login after HTTP authentication if ACF
 user exists

---
 app/acf_www-controller.lua | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'app')

diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index 820359a..91872cb 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -262,6 +262,19 @@ mvc.on_load = function (self, parent)
 		end
 	end
 
+	if not (self.sessiondata.userinfo and self.sessiondata.userinfo.userid) and ENV.REMOTE_USER then
+		-- We do not have a valid user in session data, but we have successful HTTP auth
+		-- Kill the existing session
+		if (self.sessiondata.id and self.clientdata.sessionid) then
+			sessionlib.unlink_session(self.conf.sessiondir, self.clientdata.sessionid)
+		end
+		self.sessiondata = {}
+		self.sessiondata.id = sessionlib.random_hash(512)
+		require("authenticator")
+		self.sessiondata.userinfo = authenticator.get_userinfo(self, ENV.REMOTE_USER)
+		logevent("Automatic login as ENV.REMOTE_USER: "..tostring(ENV.REMOTE_USER))
+	end
+
 	if nil == self.sessiondata.id then
 		self.sessiondata = {}
 		self.sessiondata.id = sessionlib.random_hash(512)
-- 
cgit v1.2.3