Permit to authenticate to the HL API doc using the session cookie

fixes glpi-project#18299
cedric-anne · Nov 18, 2024 · 962707c · 962707c
1 parent 19de857
commit 962707c
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/src/Glpi/Api/HL/Middleware/CookieAuthMiddleware.php b/src/Glpi/Api/HL/Middleware/CookieAuthMiddleware.php
@@ -41,18 +41,16 @@ class CookieAuthMiddleware extends AbstractMiddleware implements AuthMiddlewareI
 {
     public function process(MiddlewareInput $input, callable $next): void
     {
-        $auth = new \Auth();
-        if ($auth->getAlternateAuthSystemsUserLogin(\Auth::COOKIE)) {
-            // User could be authenticated by a cookie
-            // Need to use cookies for session and start it manually
-            ini_set('session.use_cookies', '1');
-            Session::start();
+        ini_set('session.use_cookies', '1');
+        Session::start();
+
+        if (($user_id = Session::getLoginUserID()) !== false) {
             // unset the response to indicate a successful auth
             $input->response = null;
             $input->client = [
                 'client_id' => 'internal', // Internal just means the user was authenticated internally either by cookie or an already existing session.
-                'users_id'  => Session::getLoginUserID(),
-                'scopes' => []
+                'users_id'  => $user_id,
+                'scopes'    => [],
             ];
         } else {
             $next($input);