From 2452aaf4419795635de040389c8e001c978f0ba5 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <grandmaster@al2klimov.de>
Date: Sun, 24 Oct 2021 12:21:05 +0200
Subject: [PATCH] SetupController#run(): prevent admin auto-login after
 autoconfig-only setup

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
---
 core/Controller/SetupController.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/core/Controller/SetupController.php b/core/Controller/SetupController.php
index 0f1fa1c495e72..4e41e6bf32915 100644
--- a/core/Controller/SetupController.php
+++ b/core/Controller/SetupController.php
@@ -64,6 +64,12 @@ public function run(array $post): void {
 		}
 
 		if (isset($post['install']) and $post['install'] == 'true') {
+			// autoconfig.php by itself...
+			$autoConfig = $this->loadAutoConfig([]);
+
+			// ... already contains all setup parameters.
+			$autoConfigIsComplete = isset($autoConfig['install']) and $autoConfig['install'] == 'true';
+
 			// We have to launch the installation process :
 			$e = $this->setupHelper->install($post);
 			$errors = ['errors' => $e];
@@ -72,6 +78,14 @@ public function run(array $post): void {
 				$options = array_merge($opts, $post, $errors);
 				$this->display($options);
 			} else {
+				if ($autoConfigIsComplete) {
+					// Everything was done automatically, POSTed data (if any) had no effect.
+					// So the owner doesn't expect to have to visit the site first (ASAP).
+
+					// For the case the client isn't the owner, prevent auto-login (as admin).
+					header_remove('Set-Cookie');
+				}
+
 				$this->finishSetup();
 			}
 		} else {