Changeset 7485

Timestamp:

May 17, 2018, 8:50:51 AM (5 years ago)

Author:

Nicklas Nordborg

Message:

Fixes #2119: Geolocation should not be used for internal logins

We now check that the AuthenticationMethod used in the session is not INTERNAL (or null).

File:

• branches/3.12-stable/src/core/net/sf/basedb/core/SessionControl.java (modified) (3 diffs)

branches/3.12-stable/src/core/net/sf/basedb/core/SessionControl.java

@@ -350 +350 @@
   }
   
-  GeoLocation getLocation()
-  {
-    if (!locationLoaded)
+  GeoLocation getLocation(AuthenticationMethod authMeth)
+  {
+    if (!locationLoaded && authMeth != null && authMeth != AuthenticationMethod.INTERNAL)
     {
       locationLoaded = true;
@@ -895 +895 @@
     device.setLastUsed(now);
     device.setLastRemoteId(getRemoteId());
-    GeoLocation loc = getLocation();
+    GeoLocation loc = getLocation(authUser.getAuthenticationMethod());
     if (loc == null) loc = new GeoLocation(); // To force 'null' on the location fields
     device.setLocation(loc.toString());
@@ -1084 +1084 @@
     sessionData.setLoginComment(comment);
     sessionData.setRemoteId(getRemoteId());
-    GeoLocation loc = getLocation();
+    GeoLocation loc = getLocation(authenticationMethod);
     if (loc != null)
     {