add global site selector as user back-end which doesn't support password confirmation

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index 463e7cd93c990bc6259bd1efcc9ba8159ecb6740..7c1c4595e9a84ca6a981ad19c8ebf3d4d3820910 100644 (file)
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -39,6 +39,8 @@ class PasswordConfirmationMiddleware extends Middleware {
        private $userSession;
        /** @var ITimeFactory */
        private $timeFactory;
+       /** @var array */
+       private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];
 
        /**
         * PasswordConfirmationMiddleware constructor.
@@ -73,7 +75,7 @@ class PasswordConfirmationMiddleware extends Middleware {
 
                        $lastConfirm = (int) $this->session->get('last-password-confirm');
                        // we can't check the password against a SAML backend, so skip password confirmation in this case
-                       if ($backendClassName !== 'user_saml' && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
+                       if (!isset($this->excludedUserBackEnds[$backendClassName]) && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
                                throw new NotConfirmedException();
                        }
                }

diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
index b691a8a64cb333d614fef10f17c7ad84805cc8ff..ad9ff0b6757e84d7526c32f77243f88e6851645c 100644 (file)
--- a/lib/private/Template/JSConfigHelper.php
+++ b/lib/private/Template/JSConfigHelper.php
@@ -70,6 +70,9 @@ class JSConfigHelper {
        /** @var CapabilitiesManager */
        private $capabilitiesManager;
 
+       /** @var array user back-ends excluded from password verification */
+       private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];
+
        /**
         * @param IL10N $l
         * @param Defaults $defaults
@@ -158,7 +161,7 @@ class JSConfigHelper {
                $array = [
                        "oc_debug" => $this->config->getSystemValue('debug', false) ? 'true' : 'false',
                        "oc_isadmin" => $this->groupManager->isAdmin($uid) ? 'true' : 'false',
-                       "backendAllowsPasswordConfirmation" => $userBackend === 'user_saml'? 'false' : 'true',
+                       "backendAllowsPasswordConfirmation" => !isset($this->excludedUserBackEnds[$userBackend]) ? 'true' : 'false',
                        "oc_dataURL" => is_string($dataLocation) ? "\"".$dataLocation."\"" : 'false',
                        "oc_webroot" => "\"".\OC::$WEBROOT."\"",
                        "oc_appswebroots" =>  str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution