Make enhanced auth configurable
parent
c85c35dfae
commit
e299c241df
|
@ -30,6 +30,9 @@ $CONFIG = array(
|
||||||
/* Force use of HTTPS connection (true = use HTTPS) */
|
/* Force use of HTTPS connection (true = use HTTPS) */
|
||||||
"forcessl" => false,
|
"forcessl" => false,
|
||||||
|
|
||||||
|
/* Enhanced auth forces users to enter their password again when performing potential sensitive actions like creating or deleting users */
|
||||||
|
"enhancedauth" => true,
|
||||||
|
|
||||||
/* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
|
/* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
|
||||||
"enhancedauthtime" => 15 * 60,
|
"enhancedauthtime" => 15 * 60,
|
||||||
|
|
||||||
|
|
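Review bot: The comment added above `"enhancedauth" => true` does not tell an operator what is lost by setting it to false: with the check off, an already logged-in session can carry out those actions without the password being asked for again. I would state that in the comment and fix "potential sensitive", e.g. `/* Enhanced auth makes users re-enter their password before potentially sensitive actions such as creating or deleting users. Setting it to false removes that re-check. */`. The file header of this section is not visible on the page, so I am assuming this is the sample config.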
10
lib/json.php
10
lib/json.php
|
@ -83,10 +83,12 @@ class OC_JSON{
|
||||||
* Check if the user verified the login with his password
|
* Check if the user verified the login with his password
|
||||||
*/
|
*/
|
||||||
public static function verifyUser() {
|
public static function verifyUser() {
|
||||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
if(OC_Config::getValue('enhancedauth', true) === true) {
|
||||||
$l = OC_L10N::get('lib');
|
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||||
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
$l = OC_L10N::get('lib');
|
||||||
exit();
|
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
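Review bot: The new guard in OC_JSON::verifyUser fails open on a mistyped setting. `OC_Config::getValue('enhancedauth', true) === true` skips the password re-check for every value that is not the boolean `true`, so `1` or `'true'` in the config disables it silently. Comparing against the disabling value instead, `if(OC_Config::getValue('enhancedauth', true) !== false) {`, keeps enforcement on unless the operator explicitly wrote `false`. The same comparison is added to OC_Util::verifyUser and OC_Util::isUserVerified in lib/util.php and should change with it.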
26
lib/util.php
26
lib/util.php
|
@ -391,17 +391,19 @@ class OC_Util {
|
||||||
* If not, the user will be shown a password verification page
|
* If not, the user will be shown a password verification page
|
||||||
*/
|
*/
|
||||||
public static function verifyUser() {
|
public static function verifyUser() {
|
||||||
// Check password to set session
|
if(OC_Config::getValue('enhancedauth', true) === true) {
|
||||||
if(isset($_POST['password'])) {
|
// Check password to set session
|
||||||
if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
|
if(isset($_POST['password'])) {
|
||||||
$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
|
if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
|
||||||
|
$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Check if the user verified his password
|
// Check if the user verified his password
|
||||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||||
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
|
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
|
||||||
exit();
|
exit();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -410,10 +412,12 @@ class OC_Util {
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public static function isUserVerified() {
|
public static function isUserVerified() {
|
||||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
if(OC_Config::getValue('enhancedauth', true) === true) {
|
||||||
return false;
|
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
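Review bot: OC_Util::isUserVerified now returns true whenever 'enhancedauth' is off, but its docblock (only the `@return bool` line is inside the hunk) does not say so. A caller that reads true as "the password was re-entered recently" will be wrong in that configuration. I would extend the tag to `@return bool true if the password was verified recently or if 'enhancedauth' is disabled`, and add a matching sentence to the docblock of OC_Util::verifyUser, which starts outside its hunk. The flag lookup is repeated in three methods across lib/json.php and lib/util.php; a single private helper would keep them from drifting apart.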