From 4af3911272ed08e61b8b96c17f9d38af6f64647c Mon Sep 17 00:00:00 2001
From: Artur Heinze
Date: Mon, 6 Sep 2021 13:37:29 +0200
Subject: [PATCH] Fixes #1467
---
 modules/Cockpit/Controller/Auth.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/modules/Cockpit/Controller/Auth.php b/modules/Cockpit/Controller/Auth.php
index 2502e9de9..989f5c76f 100755
--- a/modules/Cockpit/Controller/Auth.php
+++ b/modules/Cockpit/Controller/Auth.php
@@ -15,25 +15,27 @@ class Auth extends \LimeExtra\Controller {
 public function check() {
- if ($data = $this->param('auth')) {
+ if ($auth = $this->param('auth')) {
- if (!\is_string($data['user']) || !\is_string($data['password'])) {
+ if (!isset($auth['user'], $auth['password']) || !\is_string($auth['user']) || !\is_string($auth['password'])) {
 return ['success' => false, 'error' => 'Pre-condition failed'];
 }
- if (isset($data['user']) && $this->app->helper('utils')->isEmail($data['user'])) {
- $data['email'] = $data['user'];
- $data['user'] = '';
+ $auth = ['user' => $auth['user'], 'password' => $auth['password']];
+
+ if (isset($auth['user']) && $this->app->helper('utils')->isEmail($auth['user'])) {
+ $auth['email'] = $auth['user'];
+ $auth['user'] = '';
 }
 if (!$this->app->helper('csrf')->isValid('login', $this->param('csrf'), true)) {
- $this->app->trigger('cockpit.authentication.failed', [$data, 'Csrf validation failed']);
+ $this->app->trigger('cockpit.authentication.failed', [$auth, 'Csrf validation failed']);
 return ['success' => false, 'error' => 'Csrf validation failed'];
 }
- $user = $this->module('cockpit')->authenticate($data);
+ $user = $this->module('cockpit')->authenticate($auth);
- if ($user && !$this->module('cockpit')->hasaccess('cockpit', 'backend', @$user['group'])) {
+ if ($user && !$this->module('cockpit')->hasaccess('cockpit', 'backend', $user['group'] ?? null)) {
 $user = null;
 }
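Review bot: The `cockpit.authentication.failed` trigger in the CSRF branch (and the one in the second hunk's `else` branch) passes `$auth`, which after the whitelist rebuild always carries the submitted `password` in cleartext, so any listener that logs or stores the event payload would persist credentials. Consider handing listeners a copy without it, e.g. `$info = $auth; unset($info['password']);` and triggering with `[$info, 'Csrf validation failed']`. Whether an existing listener depends on the password field is not visible here, so that should be checked before changing the payload. Separately, `isset($auth['user'])` in the e-mail check is always true once `$auth` has been rebuilt from validated strings and could be dropped. The body of check() continues beyond this hunk.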
@@ -45,7 +47,7 @@ public function check() {
 unset($user['api_key'], $user['_reset_token']);
 } else {
- $this->app->trigger('cockpit.authentication.failed', [$data, 'Authentication failed']);
+ $this->app->trigger('cockpit.authentication.failed', [$auth, 'Authentication failed']);
 }
 if ($this->app->request->is('ajax')) {