Fossil SCM
If two or more repositories on the same host are part of a login-group (example: https://fossil-scm.org/home and https://fossil-scm.org/forum) and a user is logged into one of those repositories as an actual user (not as anonymous) but does not have an account on the other repository, grant the user an automatic "anonymous" login on the other repository where they do not have an account.
Commit
7df48cb2995cd775f42adad25caa45cc9ca023e75115cbfb2ff93150868a3c70
Parent
66b111aa42ee9db…
1 file changed
+8
-1
+8
-1
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -1449,11 +1449,18 @@ | ||
| 1449 | 1449 | ** are part of a login-group. |
| 1450 | 1450 | */ |
| 1451 | 1451 | uid = login_find_user(zUser, zHash); |
| 1452 | 1452 | if( uid==0 && login_transfer_credentials(zUser,zArg,zHash) ){ |
| 1453 | 1453 | uid = login_find_user(zUser, zHash); |
| 1454 | - if( uid ) record_login_attempt(zUser, zIpAddr, 1); | |
| 1454 | + if( uid ){ | |
| 1455 | + record_login_attempt(zUser, zIpAddr, 1); | |
| 1456 | + }else{ | |
| 1457 | + /* The login cookie is a valid login for project CODE, but no | |
| 1458 | + ** user named USER exists on this repository. Cannot login as | |
| 1459 | + ** USER, but at least give them "anonymous" login. */ | |
| 1460 | + uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); | |
| 1461 | + } | |
| 1455 | 1462 | } |
| 1456 | 1463 | } |
| 1457 | 1464 | login_create_csrf_secret(zHash); |
| 1458 | 1465 | } |
| 1459 | 1466 | |
| 1460 | 1467 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1449,11 +1449,18 @@ | |
| 1449 | ** are part of a login-group. |
| 1450 | */ |
| 1451 | uid = login_find_user(zUser, zHash); |
| 1452 | if( uid==0 && login_transfer_credentials(zUser,zArg,zHash) ){ |
| 1453 | uid = login_find_user(zUser, zHash); |
| 1454 | if( uid ) record_login_attempt(zUser, zIpAddr, 1); |
| 1455 | } |
| 1456 | } |
| 1457 | login_create_csrf_secret(zHash); |
| 1458 | } |
| 1459 | |
| 1460 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1449,11 +1449,18 @@ | |
| 1449 | ** are part of a login-group. |
| 1450 | */ |
| 1451 | uid = login_find_user(zUser, zHash); |
| 1452 | if( uid==0 && login_transfer_credentials(zUser,zArg,zHash) ){ |
| 1453 | uid = login_find_user(zUser, zHash); |
| 1454 | if( uid ){ |
| 1455 | record_login_attempt(zUser, zIpAddr, 1); |
| 1456 | }else{ |
| 1457 | /* The login cookie is a valid login for project CODE, but no |
| 1458 | ** user named USER exists on this repository. Cannot login as |
| 1459 | ** USER, but at least give them "anonymous" login. */ |
| 1460 | uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); |
| 1461 | } |
| 1462 | } |
| 1463 | } |
| 1464 | login_create_csrf_secret(zHash); |
| 1465 | } |
| 1466 | |
| 1467 |