-rw-r--r--config/config.sample.php3
-rw-r--r--lib/json.php10
-rwxr-xr-xlib/util.php26
3 files changed, 24 insertions, 15 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 762633c7832..f2fd948418f 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -30,6 +30,9 @@ $CONFIG = array(
/* Force use of HTTPS connection (true = use HTTPS) */
"forcessl" => false,
+/* Enhanced auth forces users to enter their password again when performing potential sensitive actions like creating or deleting users */
+"enhancedauth" => true,
+
/* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
"enhancedauthtime" => 15 * 60,
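Review bot: The new comment on `enhancedauth` explains what enabling does but not what an administrator gives up by setting it to false. Per the lib/util.php and lib/json.php hunks of this commit, every password re-check is then skipped and `enhancedauthtime` is never read. I would say so in the sample, e.g. `/* Set to false to disable the password re-prompt entirely; "enhancedauthtime" is then ignored */`, so the option is not switched off without the consequence being clear.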
diff --git a/lib/json.php b/lib/json.php
index b828f35f345..cc504907261 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -83,10 +83,12 @@ class OC_JSON{
* Check if the user verified the login with his password
*/
public static function verifyUser() {
- if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
- $l = OC_L10N::get('lib');
- self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
- exit();
+ if(OC_Config::getValue('enhancedauth', true) === true) {
+ if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+ $l = OC_L10N::get('lib');
+ self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+ exit();
+ }
}
}
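Review bot: The guard `OC_Config::getValue('enhancedauth', true) === true` fails open: any stored value that is not the boolean true (for example `1` or the string `'true'` in a hand-edited config) skips the re-authentication check altogether. Since this check gates sensitive actions, it should be skipped only on an explicit boolean false: `if(OC_Config::getValue('enhancedauth', true) !== false) {`. The same comparison is used in both lib/util.php hunks (`verifyUser()` and `isUserVerified()`) and needs the same change.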
diff --git a/lib/util.php b/lib/util.php
index 873562cbc1f..5771b89f265 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -391,17 +391,19 @@ class OC_Util {
* If not, the user will be shown a password verification page
*/
public static function verifyUser() {
- // Check password to set session
- if(isset($_POST['password'])) {
- if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
- $_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
+ if(OC_Config::getValue('enhancedauth', true) === true) {
+ // Check password to set session
+ if(isset($_POST['password'])) {
+ if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
+ $_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
+ }
}
- }
// Check if the user verified his password
- if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
- OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
- exit();
+ if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+ OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
+ exit();
+ }
}
}
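Review bot: The docblock above `verifyUser()` still promises that an unverified user is shown the password verification page, which no longer holds once the whole body is wrapped in the `enhancedauth` check. I would add a line such as `* Does nothing when the 'enhancedauth' config value is disabled.` here and on the matching docblock of `OC_JSON::verifyUser()` in lib/json.php, so callers do not assume the call always enforces a recent password entry. The docblock starts above the hunk.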
@@ -410,10 +412,12 @@ class OC_Util {
* @return bool
*/
public static function isUserVerified() {
- if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
- return false;
+ if(OC_Config::getValue('enhancedauth', true) === true) {
+ if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+ return false;
+ }
+ return true;
}
- return true;
}
/**
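Review bot: With `return true;` moved inside the `enhancedauth` block, `isUserVerified()` has no return statement on the disabled path and yields null, although the docblock says `@return bool`. null is falsy, so a caller testing the result would treat the user as unverified exactly when the feature is switched off, which disagrees with `verifyUser()` letting the request through in that case. Keep `return true;` after the closing brace of the outer `if` so that both the disabled and the verified case return true.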