From 82ef633c604f0a5e3e74bd7843d80241e2b567ba Mon Sep 17 00:00:00 2001
From: Josue-T <josue@tille.ch>
Date: Fri, 1 Feb 2019 10:59:18 +0100
Subject: [PATCH] Fix remote login user

When the authenticated user change, TTRSS keep the old user by the cookies
Force TTRSS to reload the the "REMOTE_USER" if it change
---
 sources/patches/app-login_remote_user.patch | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 sources/patches/app-login_remote_user.patch

diff --git a/sources/patches/app-login_remote_user.patch b/sources/patches/app-login_remote_user.patch
new file mode 100644
index 0000000..0ae748b
--- /dev/null
+++ b/sources/patches/app-login_remote_user.patch
@@ -0,0 +1,21 @@
+--- /include/functions.php
++++ /include/functions.php
+@@ -825,6 +825,18 @@
+ 				}
+ 
+ 			} else {
++				/* We need to check that the "REMOTE_USER" and "uid" are same.
++				 * If it has changed it's probably that the user logged out and
++				 * was authenticated with a other username.
++				 * In this case we need to reauthenticate the user
++				 */
++				if (AUTH_AUTO_LOGIN && $_SERVER["REMOTE_USER"] != $_SESSION["uid"]) {
++					if (authenticate_user(null, null)) {
++						$_SESSION["ref_schema_version"] = get_schema_version(true);
++					} else {
++						authenticate_user(null, null, true);
++					}
++				}
+ 				/* bump login timestamp */
+ 				$sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ 				$sth->execute([$_SESSION['uid']]);