From 55a7af6ac988af01718e786efae1abe0f506cb32 Mon Sep 17 00:00:00 2001
From: Dave Mc Nicoll
Date: Mon, 1 Mar 2021 16:11:22 +0000
Subject: [PATCH] - Fixed deleted users which tries to login/refresh - triggers a logout(). - Password is now optional, allowing easier hi-jacking of the login process, like through an OAuth or LDAP.
---
 src/Lib/Authenticate.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/Lib/Authenticate.php b/src/Lib/Authenticate.php
index 29f5977..e876d31 100644
--- a/src/Lib/Authenticate.php
+++ b/src/Lib/Authenticate.php
@@ -37,6 +37,8 @@ class Authenticate {
 {
 $logUser = function(int $id) use ($repository) {
 if ( null === ( $user = $repository->loadFromPk($id) ) ) {
+ $this->logout();
+
 throw new \Exception("User not found.");
 }
@@ -61,7 +63,7 @@ class Authenticate {
 $this->session->destroy();
 }
- public function authenticate(\Ulmus\Repository $repository, array $userLogin, string $password) : User
+ public function authenticate(\Ulmus\Repository $repository, array $userLogin, ? string $password) : User
 {
 foreach($userLogin as $field => $value) {
 $repository->or($field, $value);
@@ -111,7 +113,7 @@ class Authenticate {
 $this->cookie->delete('user.id');
 }
- $this->user->logged = false;
+ $this->user && $this->user->logged = false;
 return $this;
 }
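Review bot: The new `$this->logout();` call in the not-found branch of the `$logUser` closure carries no comment explaining why a failed lookup has to end the login state. The bare `\Exception` thrown right after it also gives callers no way to tell this case apart from any other failure. I would add `// Stored id no longer maps to a user (e.g. account deleted): drop the stale login state before failing.` above the call. A stored id that outlives its account is also worth an audit log entry on this path, so operators can see it happening. The enclosing method starts and ends outside the hunk.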
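Review bot: Making `$password` nullable in `authenticate()` turns a missing password into a well-typed call, and the hunk does not show what a null does at the verification step; the body continues outside the hunk. If null means "skip the password check", as the commit message suggests for OAuth or LDAP callers, then any caller that forwards a request field which may be absent would authenticate on the identifier alone. I would document the contract on the method, e.g. `@param ?string $password null only when the caller has already verified the identity externally; never pass request input that may be missing`. Better still, put the externally verified case in its own method so that `authenticate()` can keep rejecting it with `if ($password === null || $password === '') { throw new \InvalidArgumentException('Password required.'); }`.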
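Review bot: `$this->user && $this->user->logged = false;` uses a short-circuit expression as a statement and relies on PHP parsing the assignment as the right operand of `&&`. A plain guard reads unambiguously: `if ( $this->user !== null ) { $this->user->logged = false; }`. If this method is the `logout()` now called from the `$logUser` closure when the lookup fails (not visible here, since the method starts outside the hunk), it is worth checking that every other use of `$this->user` in it tolerates null as well.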