Enhanced auth is totally unmaintained and broken
Let's remove it; it's also no longer secure since the introduction of our API etc. (and it doesn't work with LDAP etc.)
parent
0810d80f8a
commit
eab6d7eb23
|
@ -36,12 +36,6 @@ $CONFIG = array(
|
|||
/* The automatic protocol detection of ownCloud can fail in certain reverse proxy situations. This option allows to manually override the protocol detection. For example "https" */
|
||||
"overwriteprotocol" => "",
|
||||
|
||||
/* Enhanced auth forces users to enter their password again when performing potential sensitive actions like creating or deleting users */
|
||||
"enhancedauth" => true,
|
||||
|
||||
/* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
|
||||
"enhancedauthtime" => 15 * 60,
|
||||
|
||||
/* A proxy to use to connect to the internet. For example "myproxy.org:88" */
|
||||
"proxy" => "",
|
||||
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
<form method="post">
|
||||
<fieldset>
|
||||
<ul>
|
||||
<li class="errors">
|
||||
<?php echo $l->t('Security Warning!'); ?><br>
|
||||
<small><?php echo $l->t("Please verify your password. <br/>For security reasons you may be occasionally asked to enter your password again."); ?></small>
|
||||
</li>
|
||||
</ul>
|
||||
<p class="infield">
|
||||
<input type="text" value="<?php echo $_['username']; ?>" disabled="disabled" />
|
||||
</p>
|
||||
<p class="infield">
|
||||
<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
|
||||
<input type="password" name="password" id="password" value="" required />
|
||||
</p>
|
||||
<input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Verify' ); ?>" />
|
||||
</fieldset>
|
||||
</form>
|
13
lib/json.php
13
lib/json.php
|
@ -74,19 +74,6 @@ class OC_JSON{
|
|||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password
|
||||
*/
|
||||
public static function verifyUser() {
|
||||
if(OC_Config::getValue('enhancedauth', false) === true) {
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
$l = OC_L10N::get('lib');
|
||||
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Send json error msg
|
||||
|
|
34
lib/util.php
34
lib/util.php
|
@ -360,40 +360,6 @@ class OC_Util {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password in the last 15 minutes
|
||||
* If not, the user will be shown a password verification page
|
||||
*/
|
||||
public static function verifyUser() {
|
||||
if(OC_Config::getValue('enhancedauth', false) === true) {
|
||||
// Check password to set session
|
||||
if(isset($_POST['password'])) {
|
||||
if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
|
||||
$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
|
||||
}
|
||||
}
|
||||
|
||||
// Check if the user verified his password
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password
|
||||
* @return bool
|
||||
*/
|
||||
public static function isUserVerified() {
|
||||
if(OC_Config::getValue('enhancedauth', false) === true) {
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Redirect to the user default page
|
||||
*/
|
||||
|
|
|
@ -30,10 +30,6 @@ if(is_null($userstatus)) {
|
|||
exit();
|
||||
}
|
||||
|
||||
if($userstatus === 'admin' || $userstatus === 'subadmin') {
|
||||
OC_JSON::verifyUser();
|
||||
}
|
||||
|
||||
// Return Success story
|
||||
if( OC_User::setPassword( $username, $password )) {
|
||||
OC_JSON::success(array("data" => array( "username" => $username )));
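Review bot: With the `OC_JSON::verifyUser();` call gone, the admin/subadmin path reaches `OC_User::setPassword( $username, $password )` on the strength of the session alone, so anyone holding an admin session (unattended browser, stolen cookie) can reset another user's password without knowing the admin's own. The visible lines show no request-token check and no current-password parameter; both may exist above the hunk, which starts and ends outside what is shown, but if they do not, requiring the caller's current password as a request parameter on this path would replace the removed prompt and should also work for API clients and LDAP-backed accounts, where the session timer did not. The later hunk that drops `OC_Util::verifyUser();` before `OC_App::loadApps();` has the same effect for that settings page. Installs that still carry `"enhancedauth" => true` in config.php will lose the prompt silently after upgrade, so a changelog or upgrade note is worth adding.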
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
*/
|
||||
|
||||
OC_Util::checkLoggedIn();
|
||||
OC_Util::verifyUser();
|
||||
OC_App::loadApps();
|
||||
|
||||
OC_Util::addStyle( 'settings', 'settings' );
|
||||
|
|