svn commit: r1857992 - /ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java


svn commit: r1857992 - /ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

pgil
Author: pgil
Date: Tue Apr 23 07:31:29 2019
New Revision: 1857992

URL: http://svn.apache.org/viewvc?rev=1857992&view=rev
Log:
Fixed: User depersonation does not clean out the impersonated user's session.
(OFBIZ-10942)

Thank you Leila Mekika for reporting and providing the patch.

Modified:
    ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1857992&r1=1857991&r2=1857992&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Tue Apr 23 07:31:29 2019
@@ -716,8 +716,9 @@ public class LoginWorker {
         }
 
         //update the userLogin history, only one impersonation of this user can be active at the same time
+        GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
         EntityCondition conditions = EntityCondition.makeCondition(
-                EntityCondition.makeCondition("userLoginId", ((GenericValue) session.getAttribute("userLogin")).get("userLoginId")),
+                EntityCondition.makeCondition("userLoginId", userLogin.get("userLoginId")),
                 EntityCondition.makeCondition("originUserLoginId", originUserLogin.get("userLoginId")),
                 EntityUtil.getFilterByDateExpr());
         try {
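Review bot: The new local `userLogin` is dereferenced at `userLogin.get("userLoginId")` with no null check, and the same reference is passed to `doBasicLogout` in the next hunk. If the `userLogin` session attribute can be absent here (for example an expired or already-cleared session), the method throws a NullPointerException instead of returning a controlled result. A guard directly after the lookup, such as `if (userLogin == null) { return "error"; }`, would make that case explicit. The method begins above this hunk, so an earlier check may already cover it; that is worth confirming.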
@@ -733,6 +734,9 @@ public class LoginWorker {
             return "error";
         }
 
+        // Log out currentLogin to clean session
+        doBasicLogout(userLogin, request, response);
+
         // Log back the impersonating user
         return doMainLogin(request, response, originUserLogin, null);
     }
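Review bot: The added `doBasicLogout(userLogin, request, response);` runs only after the `return "error";` exit of the preceding history update, so a failed update leaves the impersonated user's session in place and the impersonation active. On a path that ends privileged impersonation, it is worth deciding explicitly whether the session should be torn down on that error path as well; the try body lies between the two hunks and is not visible here. The comment could also state the security intent, e.g. `// Log out the impersonated user first so none of its session state carries over into the origin user's session`. If `doBasicLogout` does not already issue a fresh session id before `doMainLogin` runs, that should be verified too, since the helper is outside this diff.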