From 11c3d3ebe8726aa69edddd50eab9e54037603e0b Mon Sep 17 00:00:00 2001
From: Sebastian Schenk <sebastian.schenk@itz.uni-halle.de>
Date: Wed, 21 May 2025 14:22:12 +0000
Subject: switch order in authenticate, fixes #5622

Closes #5622

Merge request studip/studip!4236
---
 app/controllers/ilias_auth.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/controllers/ilias_auth.php b/app/controllers/ilias_auth.php
index fd642dc..7f6f0a2 100644
--- a/app/controllers/ilias_auth.php
+++ b/app/controllers/ilias_auth.php
@@ -32,10 +32,6 @@ class IliasAuthController extends StudipController
     public function authenticate_action()
     {
         $authenticated = false;
-        $auth_status = StudipAuthAbstract::checkAuthentication(Request::get('login'), Request::get('password'));
-        if ($auth_status['uid']) {
-            $authenticated = true;
-        }
         $query = "SELECT external_user_token_valid_until FROM auth_extern WHERE external_user_name = ? AND external_user_token = ?";
         $result = DBManager::get()->fetchOne($query, [Request::get('login'), Request::get('password')]);
         if (count($result)) {
@@ -43,6 +39,12 @@ class IliasAuthController extends StudipController
                 $authenticated = true;
             }
         }
+        if (!$authenticated) {
+            $auth_status = StudipAuthAbstract::checkAuthentication(Request::get('login'), Request::get('password'));
+            if (!empty($auth_status['uid'])) {
+                $authenticated = true;
+            }
+        }
         if ($authenticated) {
             $this->render_text('authenticated');
         } else {
-- 
cgit v1.0