From 7fe2a12af348b976cdf1615b2c430255b4fb9528 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 16 May 2025 19:11:42 +0200
Subject: [PATCH 1/2] actually run postRun hook

---
 inc/inc.ClassControllerCommon.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/inc/inc.ClassControllerCommon.php b/inc/inc.ClassControllerCommon.php
index cbf2cdafe..0203d9b48 100644
--- a/inc/inc.ClassControllerCommon.php
+++ b/inc/inc.ClassControllerCommon.php
@@ -75,7 +75,7 @@ class SeedDMS_Controller_Common {
 				if(method_exists($this, $action)) {
 					$refl = new ReflectionMethod($this, $action);
 					if($refl->isPublic())
-						return $this->{$action}();
+						$ret = $this->{$action}();
 					else {
 						echo "Action '".$action."' not public";
 						return false;
@@ -85,11 +85,12 @@ class SeedDMS_Controller_Common {
 					return false;
 				}
 			} else
-				return $this->run();
+				$ret = $this->run();
 		} else {
 			return false;
 		}
 		$this->callHook('postRun', get_class($this), $action ? $action : 'run');
+		return $ret;
 	}
 
 	public function setParams($params) {

From 964495b9b612f7bb3d205ffba8bf3aa8f7053fdf Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 16 May 2025 19:12:05 +0200
Subject: [PATCH 2/2] run authenticator only if user is still not known

---
 controllers/class.Login.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/controllers/class.Login.php b/controllers/class.Login.php
index 8afb360c4..8e9074eaa 100644
--- a/controllers/class.Login.php
+++ b/controllers/class.Login.php
@@ -222,7 +222,8 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 			}
 		}
 
-		$user = $authenticator->authenticate($login, $pwd);
+		if(!is_object($user))
+			$user = $authenticator->authenticate($login, $pwd);
 
 		if(0) {
 		/* Authenticate against LDAP server {{{ */