Updating user count validation (#1430)

This change is to address https://app.asana.com/0/808093868887967/1188274656222915 . These problems were brought to our attention via our 2019 engagement with TrustedCI. Specifically, we now ensure that only a single user record is returned from these queries, anything else is considered an exception.
ubccr · Aug 25, 2020 · 89466b8 · 89466b8
1 parent 691a5ae
commit 89466b8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/classes/Rest/Utilities/Authentication.php b/classes/Rest/Utilities/Authentication.php
@@ -228,7 +228,7 @@ private static function resolveUserFromToken(
             $resolver_query_params
         );
 
-        if (count($user_check) > 0) {
+        if (count($user_check) === 1) {
             $last_active_time = self::getMicrotime();
 
             $last_active_query = "

diff --git a/classes/XDUser.php b/classes/XDUser.php
@@ -775,7 +775,8 @@ public static function authenticate($uname, $pass)
                 'user_type' => SSO_USER_TYPE
             )
         );
-        if (count($userCheck) == 0) {
+
+        if (count($userCheck) !== 1) {
             return null;
         }