Skip to content

Commit

Permalink
Merge pull request #12085 from nextcloud/add-gss-to-excluded-backends
Browse files Browse the repository at this point in the history 
add global site selector as user back-end which doesn't support password confirmation
  • Loading branch information
@MorrisJobke
MorrisJobke authored Oct 30, 2018
2 parents 31ccf85 + 85d9f06 commit c9e6a99
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
4 changes: 3 additions & 1 deletion lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ class PasswordConfirmationMiddleware extends Middleware {
private $userSession;
/** @var ITimeFactory */
private $timeFactory;
/** @var array */
private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];

/**
* PasswordConfirmationMiddleware constructor.
Expand Down Expand Up @@ -73,7 +75,7 @@ public function beforeController($controller, $methodName) {

$lastConfirm = (int) $this->session->get('last-password-confirm');
// we can't check the password against a SAML backend, so skip password confirmation in this case
if ($backendClassName !== 'user_saml' && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
if (!isset($this->excludedUserBackEnds[$backendClassName]) && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
throw new NotConfirmedException();
}
}
Expand Down
5 changes: 4 additions & 1 deletion lib/private/Template/JSConfigHelper.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,9 @@ class JSConfigHelper {
/** @var CapabilitiesManager */
private $capabilitiesManager;

/** @var array user back-ends excluded from password verification */
private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];

/**
* @param IL10N $l
* @param Defaults $defaults
Expand Down Expand Up @@ -158,7 +161,7 @@ public function getConfig() {
$array = [
"oc_debug" => $this->config->getSystemValue('debug', false) ? 'true' : 'false',
"oc_isadmin" => $this->groupManager->isAdmin($uid) ? 'true' : 'false',
"backendAllowsPasswordConfirmation" => $userBackend === 'user_saml'? 'false' : 'true',
"backendAllowsPasswordConfirmation" => !isset($this->excludedUserBackEnds[$userBackend]) ? 'true' : 'false',
"oc_dataURL" => is_string($dataLocation) ? "\"".$dataLocation."\"" : 'false',
"oc_webroot" => "\"".\OC::$WEBROOT."\"",
"oc_appswebroots" => str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution
Expand Down

0 comments on commit c9e6a99

Please sign in to comment.