authUser is defined only if authHash is accepted

2024-09-03 20:06:27 +02:00 · 2020-05-21 22:57:57 +02:00 · 2020-05-21 22:57:57 +02:00 · 397f7b3910
commit 397f7b3910
parent 6a240e1dea
1 changed files with 3 additions and 2 deletions
--- a/helpers.lua
+++ b/helpers.lua
@ -244,13 +244,14 @@ function refresh_logged_in()
            if session_key and session_key ~= "" then
                -- Check cache
                if cache:get(user.."-password") then
-                    authUser = user
                    local hash = hmac_sha512(srvkey,
-                            authUser..
+                            user..
                            "|"..expireTime..
                            "|"..session_key)
                    if hash ~= authHash then
                        logger.info("Hash "..authHash.." rejected for "..user.."@"..ngx.var.remote_addr)
+                    else
+                        authUser = user
                    end
                    is_logged_in = hash == authHash
                    return is_logged_in