From 85d9f06cb8873955c9ca7a74d5c758b831d56e71 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <bjoern@schiessle.org>
Date: Sat, 27 Oct 2018 15:43:51 +0200
Subject: add global site selector as user back-end which doesn't support
 password confirmation

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
---
 .../Middleware/Security/PasswordConfirmationMiddleware.php            | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/private/AppFramework/Middleware/Security')

diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index 463e7cd93c9..7c1c4595e9a 100644
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -39,6 +39,8 @@ class PasswordConfirmationMiddleware extends Middleware {
 	private $userSession;
 	/** @var ITimeFactory */
 	private $timeFactory;
+	/** @var array */
+	private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];
 
 	/**
 	 * PasswordConfirmationMiddleware constructor.
@@ -73,7 +75,7 @@ class PasswordConfirmationMiddleware extends Middleware {
 
 			$lastConfirm = (int) $this->session->get('last-password-confirm');
 			// we can't check the password against a SAML backend, so skip password confirmation in this case
-			if ($backendClassName !== 'user_saml' && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
+			if (!isset($this->excludedUserBackEnds[$backendClassName]) && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
 				throw new NotConfirmedException();
 			}
 		}
-- 
cgit v1.2.3