зеркало из https://github.com/nextcloud/server.git
Make enhanced auth time configurable
Родитель
f4142bd2a8
Коммит
6f2e8788ca
|
@ -30,6 +30,9 @@ $CONFIG = array(
|
|||
/* Force use of HTTPS connection (true = use HTTPS) */
|
||||
"forcessl" => false,
|
||||
|
||||
/* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
|
||||
"enhancedauthtime" => 15 * 60,
|
||||
|
||||
/* Theme to use for ownCloud */
|
||||
"theme" => "",
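Review bot: The comment on the new `"enhancedauthtime"` entry gives the unit but not the security trade-off an administrator accepts when raising the value. I would word it along the lines of `/* Seconds a password confirmation stays valid for sensitive actions such as creating or deleting users; keep it short, a longer value widens the window in which an unattended or hijacked session can perform them */`. It would also help to state what a missing or zero value means, since the sample file is the only documentation of this key visible in the commit.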
|
||||
|
||||
|
|
|
@ -80,10 +80,9 @@ class OC_JSON{
|
|||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password in the last 15 minutes
|
||||
* Check if the user verified the login with his password
|
||||
*/
|
||||
public static function verifyUser() {
|
||||
// Check if the user verified his password in the last 15 minutes
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
$l = OC_L10N::get('lib');
|
||||
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
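Review bot: The expiry test in verifyUser(), `if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time())`, is the same expression that OC_Util carries twice in this commit, once inline and once in isUserVerified(). This condition gates the sensitive actions, so three separate copies can drift apart when one of them is changed later. Assuming isUserVerified() returns true in the remaining case, the line here could become `if(!OC_Util::isUserVerified()) {`. The shortened docblock could also say that the validity period comes from the `enhancedauthtime` setting. verifyUser's body continues past the end of the hunk.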
|
||||
|
|
|
@ -391,6 +391,9 @@ class OC_Setup {
|
|||
self::createHtaccess();
|
||||
}
|
||||
|
||||
// Set the admin auth time
|
||||
OC_Config::setValue('enhancedauthtime', 15 * 60);
|
||||
|
||||
//and we are done
|
||||
OC_Config::setValue('installed', true);
|
||||
}
|
||||
|
|
|
@ -394,11 +394,11 @@ class OC_Util {
|
|||
// Check password to set session
|
||||
if(isset($_POST['password'])) {
|
||||
if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
|
||||
$_SESSION['verifiedLogin']=time() + (15 * 60);
|
||||
$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime');
|
||||
}
|
||||
}
|
||||
|
||||
// Check if the user verified his password in the last 15 minutes
|
||||
// Check if the user verified his password
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
|
||||
exit();
|
||||
|
@ -406,11 +406,10 @@ class OC_Util {
|
|||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password in the last 15 minutes
|
||||
* Check if the user verified the login with his password
|
||||
* @return bool
|
||||
*/
|
||||
public static function isUserVerified() {
|
||||
// Check if the user verified his password in the last 15 minutes
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
return false;
|
||||
}
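Review bot: The new read in the first OC_Util hunk, `$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime');`, passes no default and uses the configured value unchecked. In this commit the key is only written by the install path in OC_Setup, so an instance installed before the change would presumably get an empty value back and the confirmation would expire within the same second. Conversely, a non-numeric or very large value in the config file is added to time() as is, which can silently stretch the re-authentication window. I would read it as `(int) OC_Config::getValue('enhancedauthtime', 15 * 60)` and consider clamping it to a sane maximum; with a default at the read site the `setValue` call in OC_Setup is no longer needed. The enclosing function starts outside the hunk.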
|
||||
|
|