authorLukas Reschke <lukas@statuscode.ch>2013-01-14 21:39:49 +0100
committerLukas Reschke <lukas@statuscode.ch>2013-01-14 21:39:49 +0100
commiteab6d7eb23f66ac4a662a036336b292138e4484c (patch)
treeb41d27609f143b4b99a7f22b70c2b42068941564
parent0810d80f8a0f8611ed6f7befd4442ceb9b061781 (diff)
Enhanced auth is totally unmaintained and broken
Let's remove it; it is also no longer secure since the introduction of our API etc. (and it doesn't work with LDAP etc.)
-rw-r--r--config/config.sample.php6
-rw-r--r--core/templates/verify.php18
-rw-r--r--lib/json.php13
-rwxr-xr-xlib/util.php34
-rw-r--r--settings/ajax/changepassword.php4
-rw-r--r--settings/settings.php1
6 files changed, 0 insertions, 76 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index b1655d02830..33aafab5484 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -36,12 +36,6 @@ $CONFIG = array(
/* The automatic protocol detection of ownCloud can fail in certain reverse proxy situations. This option allows to manually override the protocol detection. For example "https" */
"overwriteprotocol" => "",
-/* Enhanced auth forces users to enter their password again when performing potential sensitive actions like creating or deleting users */
-"enhancedauth" => true,
-
-/* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
-"enhancedauthtime" => 15 * 60,
-
/* A proxy to use to connect to the internet. For example "myproxy.org:88" */
"proxy" => "",
diff --git a/core/templates/verify.php b/core/templates/verify.php
deleted file mode 100644
index 600eaca05b7..00000000000
--- a/core/templates/verify.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<form method="post">
- <fieldset>
- <ul>
- <li class="errors">
- <?php echo $l->t('Security Warning!'); ?><br>
- <small><?php echo $l->t("Please verify your password. <br/>For security reasons you may be occasionally asked to enter your password again."); ?></small>
- </li>
- </ul>
- <p class="infield">
- <input type="text" value="<?php echo $_['username']; ?>" disabled="disabled" />
- </p>
- <p class="infield">
- <label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
- <input type="password" name="password" id="password" value="" required />
- </p>
- <input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Verify' ); ?>" />
- </fieldset>
-</form>
diff --git a/lib/json.php b/lib/json.php
index 5ab877540d4..c87de3e200b 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -74,19 +74,6 @@ class OC_JSON{
exit();
}
}
-
- /**
- * Check if the user verified the login with his password
- */
- public static function verifyUser() {
- if(OC_Config::getValue('enhancedauth', false) === true) {
- if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
- $l = OC_L10N::get('lib');
- self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
- exit();
- }
- }
- }
/**
* Send json error msg
diff --git a/lib/util.php b/lib/util.php
index 06ae37176c1..a8576fc1057 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -361,40 +361,6 @@ class OC_Util {
}
/**
- * Check if the user verified the login with his password in the last 15 minutes
- * If not, the user will be shown a password verification page
- */
- public static function verifyUser() {
- if(OC_Config::getValue('enhancedauth', false) === true) {
- // Check password to set session
- if(isset($_POST['password'])) {
- if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
- $_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
- }
- }
-
- // Check if the user verified his password
- if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
- OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
- exit();
- }
- }
- }
-
- /**
- * Check if the user verified the login with his password
- * @return bool
- */
- public static function isUserVerified() {
- if(OC_Config::getValue('enhancedauth', false) === true) {
- if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
- return false;
- }
- }
- return true;
- }
-
- /**
* Redirect to the user default page
*/
public static function redirectToDefaultPage() {
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index aed000f7f24..8d45e62e4d8 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -30,10 +30,6 @@ if(is_null($userstatus)) {
exit();
}
-if($userstatus === 'admin' || $userstatus === 'subadmin') {
- OC_JSON::verifyUser();
-}
-
// Return Success story
if( OC_User::setPassword( $username, $password )) {
OC_JSON::success(array("data" => array( "username" => $username )));
diff --git a/settings/settings.php b/settings/settings.php
index add94b5b011..1e05452ec4d 100644
--- a/settings/settings.php
+++ b/settings/settings.php
@@ -6,7 +6,6 @@
*/
OC_Util::checkLoggedIn();
-OC_Util::verifyUser();
OC_App::loadApps();
OC_Util::addStyle( 'settings', 'settings' );