In the previous commit, the client would receive a failure message but would actually remain logged in after an authzid/authcid mismatch. This was a correctness rather than a security issue, but now it's fixed so that the client never logs in in the first place.tags/v2.0.0-rc1
|
|
||
971 |
|
971 |
|
972 |
|
972 |
|
973 |
|
973 |
|
974 |
|
|
|
|
974 |
|
|
975 |
|
975 |
|
976 |
|
976 |
|
977 |
|
977 |
|
|
|
||
991 |
|
991 |
|
992 |
|
992 |
|
993 |
|
993 |
|
|
994 |
|
|
|
995 |
|
|
|
996 |
|
|
|
997 |
|
|
994 |
|
998 |
|
995 |
|
999 |
|
996 |
|
1000 |
|
|
|
||
27 |
|
27 |
|
28 |
|
28 |
|
29 |
|
29 |
|
|
30 |
|
|
30 |
|
31 |
|
31 |
|
32 |
|
32 |
|
33 |
|
|
|
||
446 |
|
446 |
|
447 |
|
447 |
|
448 |
|
448 |
|
449 |
|
|
|
450 |
|
|
|
451 |
|
|
|
|
449 |
|
|
|
450 |
|
|
|
451 |
|
|
|
452 |
|
|
|
453 |
|
|
452 |
|
454 |
|
453 |
|
|
|
|
455 |
|
|
454 |
|
456 |
|
455 |
|
|
|
456 |
|
457 |
|
457 |
|
458 |
|
458 |
|
459 |
|
|
|
||
462 |
|
463 |
|
463 |
|
464 |
|
464 |
|
465 |
|
465 |
|
|
|
466 |
|
|
|
467 |
|
|
|
468 |
|
|
|
469 |
|
|
|
470 |
|
|
|
471 |
|
|
|
472 |
|
466 |
|
473 |
|
467 |
|
|
468 |
|
|
|
469 |
|
|
474 |
|
470 |
|
475 |
|
|
|
476 |
|
|
|
477 |
|
|
|
478 |
|
|
|
479 |
|
|
|
|
471 |
|
|
|
472 |
|
|
|
473 |
|
|
480 |
|
474 |
|
481 |
|
475 |
|
482 |
|
476 |
|
|
477 |
|
|
|
478 |
|
|
|
479 |
|
|
|
480 |
|
|
|
481 |
|
|
|
482 |
|
|
|
483 |
|
|
|
484 |
|
|
|
485 |
|
|
|
486 |
|
|
483 |
|
487 |
|
484 |
|
488 |
|
485 |
|
489 |
|
|
|
||
536 |
|
536 |
|
537 |
|
537 |
|
538 |
|
538 |
|
539 |
|
|
|
|
539 |
|
|
540 |
|
540 |
|
541 |
|
541 |
|
542 |
|
542 |
|