Make enhanced auth configurable

13 years ago · e299c241df
parent c85c35dfae
commit e299c241df
3 changed files with 24 additions and 15 deletions
--- a/config/config.sample.php
+++ b/config/config.sample.php
@ -30,6 +30,9 @@ $CONFIG = array(
 /* Force use of HTTPS connection (true = use HTTPS) */
 "forcessl" => false,

+/* Enhanced auth forces users to enter their password again when performing potential sensitive actions like creating or deleting users */
+"enhancedauth" => true,
+
 /* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
 "enhancedauthtime" => 15 * 60,

--- a/lib/json.php
+++ b/lib/json.php
@ -83,10 +83,12 @@ class OC_JSON{
 	* Check if the user verified the login with his password
 	*/
 	public static function verifyUser() {
-		if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
-			$l = OC_L10N::get('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
-			exit();
+		if(OC_Config::getValue('enhancedauth', true) === true) {
+			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+				$l = OC_L10N::get('lib');
+				self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+				exit();
+			}
 		}
 	}
 	
--- a/lib/util.php
+++ b/lib/util.php
@ -391,17 +391,19 @@ class OC_Util {
 	* If not, the user will be shown a password verification page
 	*/
 	public static function verifyUser() {
-		// Check password to set session
-		if(isset($_POST['password'])) {
-			if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
-				$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
+		if(OC_Config::getValue('enhancedauth', true) === true) {
+					// Check password to set session
+			if(isset($_POST['password'])) {
+				if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
+					$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
+				}
 			}
-		}

 		// Check if the user verified his password
-		if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
-			OC_Template::printGuestPage("", "verify",  array('username' => OC_User::getUser()));
-			exit();
+			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+				OC_Template::printGuestPage("", "verify",  array('username' => OC_User::getUser()));
+				exit();
+			}
 		}
 	}

@ -410,10 +412,12 @@ class OC_Util {
 	* @return bool
 	*/
 	public static function isUserVerified() {
-		if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
-			return false;
+		if(OC_Config::getValue('enhancedauth', true) === true) {
+			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+				return false;
+			}
+			return true;
 		}
-		return true;
 	}
 	
 	/**