diff --git a/module/VuFind/src/VuFind/Auth/Manager.php b/module/VuFind/src/VuFind/Auth/Manager.php
index 8e70347cf102c9a3232013ebb3a6da480724c522..a379dc7605b3f77be6692a0c59be04bcd6783435 100644
--- a/module/VuFind/src/VuFind/Auth/Manager.php
+++ b/module/VuFind/src/VuFind/Auth/Manager.php
@@ -55,6 +55,13 @@ class Manager
 */
 protected $activeAuth;
+ /**
+ * Whitelist of values allowed to be set into $activeAuth
+ *
+ * @var array
+ */
+ protected $legalAuthOptions;
+
 /**
 * VuFind configuration
 *
@@ -108,13 +115,21 @@ class Manager
 public function __construct(Config $config, UserTable $userTable, SessionManager $sessionManager, PluginManager $pm
 ) {
+ // Store dependencies:
 $this->config = $config;
- $this->activeAuth = isset($config->Authentication->method)
- ? $config->Authentication->method : null;
 $this->userTable = $userTable;
 $this->sessionManager = $sessionManager;
 $this->pluginManager = $pm;
+
+ // Set up session:
 $this->session = new \Zend\Session\Container('Account');
+
+ // Initialize active authentication setting (defaulting to Database
+ // if no setting passed in):
+ $method = isset($config->Authentication->method)
+ ? $config->Authentication->method : 'Database';
+ $this->legalAuthOptions = array($method);
+ $this->setAuthMethod($method);
 }
 /**
@@ -464,6 +479,18 @@ class Manager
 */
 public function setAuthMethod($method)
 {
+ // If an illegal option was passed in, block it now:
+ if (!in_array($method, $this->legalAuthOptions)) {
+ throw new \Exception("Illegal authentication method: $method");
+ }
+
+ // Change the setting:
 $this->activeAuth = $method;
+
+ // If this method supports switching to a different method, add those
+ // options to the whitelist:
+ $this->legalAuthOptions = array_unique(
+ array_merge($this->legalAuthOptions, $this->getSelectableAuthOptions())
+ );
 }
 }
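Review bot: `$legalAuthOptions` in the `@@ -55,6 +55,13 @@` hunk is declared without an initial value, so it stays null until the constructor seeds it. The `in_array()` check added in setAuthMethod() would then receive a non-array if a subclass or test fixture sets the method before the parent constructor has run. Declaring it as `protected $legalAuthOptions = array();` keeps the allowlist check well-defined and fail-closed in that case. The docblock could also use `@var string[]` and state that the list is seeded from configuration and is only ever extended, never shrunk, by setAuthMethod().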
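Review bot: The `isset()` fallback in the `@@ -108,13 +115,21 @@` hunk only covers a missing key, so an empty `method` value in the configuration would pass through and the empty string would become both the active method and the sole allowlist entry. Writing `$method = !empty($config->Authentication->method) ? $config->Authentication->method : 'Database';` applies the documented default there as well. The constructor now also goes through setAuthMethod(), which calls getSelectableAuthOptions() (defined outside this diff); if that call resolves the auth plugin, a bad method name would presumably surface as an exception while the Manager is being constructed, which deserves a `@throws` line in the constructor docblock.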
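Review bot: The allowlist check in the `@@ -464,6 +479,18 @@` hunk calls `in_array()` without the strict flag, so it compares with loose `==` and a non-string `$method` can match an entry it is not actually equal to. Since this check is the gate for which authentication backend becomes active, it should be `if (!in_array($method, $this->legalAuthOptions, true)) {`, ideally preceded by an `is_string($method)` guard so the exception message never interpolates an array. Separately, getSelectableAuthOptions() is defined outside the hunk; if it can return false or null for a method that offers no alternatives, `array_merge()` would not yield an array and the allowlist would be lost, so the merge should run only when that result is an array. The message also echoes `$method` verbatim, so whatever renders or logs it should encode it for that context.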