Merged in gproly/processmaker/HOR-499 (pull request #3863)

HOR-499

workflow/engine/classes/class.pmDynaform.php

@@ -115,7 +115,9 @@ class pmDynaform
         $flagTrackerUser = false;
 
         if (!isset($_SESSION['USER_LOGGED'])) {
-            if (!preg_match("/^.*\/" . SYS_SKIN . "\/tracker\/.*$/", $_SERVER["REQUEST_URI"])) {
+            if (!preg_match("/^.*\/" . SYS_SKIN . "\/tracker\/.*$/", $_SERVER["REQUEST_URI"]) &&
+                    !preg_match("/^.*\/" . SYS_SKIN . "\/[a-z0-9A-Z]+\/[a-z0-9A-Z]+\.php$/", $_SERVER["REQUEST_URI"])
+            ) {
                 return;
             }
 
@@ -1529,7 +1531,7 @@ class pmDynaform
             'scope' => implode(' ', $oauthServer->getScope())
         ));
 
-        $response = $oauthServer->postAuthorize($authorize, $userId, true);
+        $response = $oauthServer->postAuthorize($authorize, $userId, true, array('USER_LOGGED' => $_SESSION['USER_LOGGED']));
         $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
 
         return $code;

workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php

@@ -236,10 +236,14 @@ class Server implements iAuthenticate
      *
      * @format JsonFormat,UploadFormat
      */
-    public function postAuthorize($authorize = null, $userId = null, $returnResponse = false)
+    public function postAuthorize($authorize = null, $userId = null, $returnResponse = false, $cacheSessionValue = array())
     {
         @session_start();
 
+        foreach ($cacheSessionValue as $key => $value) {
+            $_SESSION[$key] = $value;
+        }
+
         if (! isset($_SESSION['USER_LOGGED'])) {
             throw new RestException(400, "Local Authentication Error, user session is not started.");
         }