Skip to content

Commit

Permalink
Merge pull request #12184 from nextcloud/add-gss-to-excluded-backends…
Browse files Browse the repository at this point in the history
…-stable14

[stable14] add global site selector as user back-end which doesn't support password confirmation
  • Loading branch information
MorrisJobke authored Nov 1, 2018
2 parents d1d82fc + c47d634 commit aa92a00
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ class PasswordConfirmationMiddleware extends Middleware {
private $userSession;
/** @var ITimeFactory */
private $timeFactory;
/** @var array */
private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];

/**
* PasswordConfirmationMiddleware constructor.
Expand Down Expand Up @@ -73,7 +75,7 @@ public function beforeController($controller, $methodName) {

$lastConfirm = (int) $this->session->get('last-password-confirm');
// we can't check the password against a SAML backend, so skip password confirmation in this case
if ($backendClassName !== 'user_saml' && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
if (!isset($this->excludedUserBackEnds[$backendClassName]) && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
throw new NotConfirmedException();
}
}
Expand Down
5 changes: 4 additions & 1 deletion lib/private/Template/JSConfigHelper.php
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,9 @@ class JSConfigHelper {
/** @var CapabilitiesManager */
private $capabilitiesManager;

/** @var array user back-ends excluded from password verification */
private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];

/**
* @param IL10N $l
* @param Defaults $defaults
Expand Down Expand Up @@ -158,7 +161,7 @@ public function getConfig() {
$array = [
"oc_debug" => $this->config->getSystemValue('debug', false) ? 'true' : 'false',
"oc_isadmin" => $this->groupManager->isAdmin($uid) ? 'true' : 'false',
"backendAllowsPasswordConfirmation" => $userBackend === 'user_saml'? 'false' : 'true',
"backendAllowsPasswordConfirmation" => !isset($this->excludedUserBackEnds[$userBackend]) ? 'true' : 'false',
"oc_dataURL" => is_string($dataLocation) ? "\"".$dataLocation."\"" : 'false',
"oc_webroot" => "\"".\OC::$WEBROOT."\"",
"oc_appswebroots" => str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution
Expand Down

0 comments on commit aa92a00

Please sign in to comment.