author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-12-13 14:41:56 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-01-02 20:30:37 +0100 |
commit | 1bcbeb24bcb82f825d1993217cdb6878375c5077 (patch) | |
tree | 83b171423eb459f92fd0ecbf926ee09864b5996a /lib/private | |
parent | 7fdd9097bb8cfa4a5d3afe161e1ee2a71da3a8eb (diff) | |
disable password confirmation with SSO
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Diffstat (limited to 'lib/private')
3 files changed, 21 insertions, 3 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 0b6291d46de..1d8a54982b4 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -234,7 +234,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 $server->getContentSecurityPolicyManager(),
 $server->getCsrfTokenManager(),
 $server->getContentSecurityPolicyNonceManager(),
- $server->getAppManager()
+ $server->getAppManager(),
+ $server->getUserSession()
 );
 });
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index ecd7b1bad5e..0fa76a45d29 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -55,6 +55,7 @@ use OCP\IURLGenerator;
 use OCP\IRequest;
 use OCP\ILogger;
 use OCP\AppFramework\Controller;
+use OCP\IUserSession;
 use OCP\Util;
 use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
@@ -91,6 +92,8 @@ class SecurityMiddleware extends Middleware {
 private $cspNonceManager;
 /** @var IAppManager */
 private $appManager;
+ /** @var IUserSession */
+ private $userSession;
 /**
 * @param IRequest $request
@@ -106,6 +109,7 @@ class SecurityMiddleware extends Middleware {
 * @param CSRFTokenManager $csrfTokenManager
 * @param ContentSecurityPolicyNonceManager $cspNonceManager
 * @param IAppManager $appManager
+ * @param IUserSession $userSession
 */
 public function __construct(IRequest $request,
 ControllerMethodReflector $reflector,
@@ -119,7 +123,9 @@ class SecurityMiddleware extends Middleware {
 ContentSecurityPolicyManager $contentSecurityPolicyManager,
 CsrfTokenManager $csrfTokenManager,
 ContentSecurityPolicyNonceManager $cspNonceManager,
- IAppManager $appManager) {
+ IAppManager $appManager,
+ IUserSession $userSession
+ ) {
 $this->navigationManager = $navigationManager;
 $this->request = $request;
 $this->reflector = $reflector;
@@ -133,6 +139,7 @@ class SecurityMiddleware extends Middleware {
 $this->csrfTokenManager = $csrfTokenManager;
 $this->cspNonceManager = $cspNonceManager;
 $this->appManager = $appManager;
+ $this->userSession = $userSession;
 }
 /**
@@ -164,8 +171,15 @@ class SecurityMiddleware extends Middleware {
 }
 if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
+ $user = $this->userSession->getUser();
+ $backendClassName = '';
+ if ($user !== null) {
+ $backendClassName = $user->getBackendClassName();
+ }
+
 $lastConfirm = (int) $this->session->get('last-password-confirm');
- if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
+ // we can't check the password against a SAML backend, so skip password confirmation in this case
+ if ($backendClassName !== 'user_saml' && $lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
 throw new NotConfirmedException();
 }
 }
diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
index 551fc3b9b0d..bdb747e1c9f 100644
--- a/lib/private/Template/JSConfigHelper.php
+++ b/lib/private/Template/JSConfigHelper.php
@@ -101,8 +103,10 @@ class JSConfigHelper {
 if ($this->currentUser !== null) {
 $uid = $this->currentUser->getUID();
+ $userBackend = $this->currentUser->getBackendClassName();
 } else {
 $uid = null;
+ $userBackend = '';
 }
 // Get the config
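Review bot: The new condition in the `PasswordConfirmationRequired` branch turns the annotation into a no-op for every user whose backend class name is `user_saml`, so each sensitive action guarded by it becomes reachable from a hijacked or long-lived SSO session with no step-up authentication at all; the commit removes the check without a substitute (e.g. requiring a recent IdP re-authentication) and without logging that the check was skipped. Keying the exemption on a hard-coded backend name is also brittle: the same literal is repeated in JSConfigHelper and will drift silently if either copy changes, and any other SSO or external backend that equally cannot verify a password still gets a hard `NotConfirmedException`, so the decision belongs to the backend (a capability it reports) rather than to a string compare in the middleware. At minimum the comment should state the consequence rather than the mechanism, e.g. `// SAML users have no local password to confirm: step-up re-auth is NOT enforced for them (no IdP re-auth substitute yet)`, and `'user_saml'` should be a shared constant used by both call sites. The enclosing method starts and ends outside this hunk.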
@@ -147,6 +149,7 @@ class JSConfigHelper {
 $array = [
 "oc_debug" => $this->config->getSystemValue('debug', false) ? 'true' : 'false',
 "oc_isadmin" => $this->groupManager->isAdmin($uid) ? 'true' : 'false',
+ "backendAllowsPasswordConfirmation" => $userBackend === 'user_saml'? 'false' : 'true',
 "oc_dataURL" => is_string($dataLocation) ? "\"".$dataLocation."\"" : 'false',
 "oc_webroot" => "\"".\OC::$WEBROOT."\"",
 "oc_appswebroots" => str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution |
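Review bot: `backendAllowsPasswordConfirmation` duplicates the `'user_saml'` literal that SecurityMiddleware uses for the server-side exemption, so the two can diverge and the UI will either prompt for a password the server never verifies or skip a prompt the server still enforces; the string should come from one shared constant (or from the same backend capability) rather than being repeated here. The flag is exposed to the browser and is only a hint, which is worth stating so nobody treats it as authoritative: `// UI hint only: SecurityMiddleware decides whether password confirmation is actually enforced`. Style nit on the added line: missing space before `?` in `'user_saml'? 'false'`. The `$array` literal continues past the end of this hunk.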