Respect realm when logging in

This change uses the username from the ccache to ensure we include the correct realm when logging in, enabling cross-realm login. Fixes: #114-logging-in-using-realm-ends-ip-with-the-wrong-upn
AMRC-FactoryPlus · Mar 20, 2024 · 3d3328f · 3d3328f
1 parent 61de77b
commit 3d3328f
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/app/Domain/Auth/Actions/AuthenticateUserAction.php b/app/Domain/Auth/Actions/AuthenticateUserAction.php
@@ -70,14 +70,17 @@ public function execute(string $username, string $password)
             }
         }
 
+        // Use the username from the ccache to ensure we include the correct realm
+        $username = $ccache->getPrincipal();
+
         // Get the local user with this username (null if they don't exist)
-        $user = User::whereUsername($username . '@' . config('manager.realm'))->first();
+        $user = User::whereUsername($username)->first();
 
         // If the user doesn't exist then create them
         if (!$user) {
             $user = User::create(
                 [
-                    'username' => $username . '@' . config('manager.realm'),
+                    'username' => $username,
                 ]
             );
         }