Skip to content

Commit c9e6a99

Browse files
MorrisJobkeMorrisJobke
authored
Merge pull request #12085 from nextcloud/add-gss-to-excluded-backends
add global site selector as user back-end which doesn't support password confirmation
2 parents 31ccf85 + 85d9f06 commit c9e6a99

File tree

2 files changed

+7
-2
lines changed

2 files changed

+7
-2
lines changed

lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,8 @@ class PasswordConfirmationMiddleware extends Middleware {
3939
private $userSession;
4040
/** @var ITimeFactory */
4141
private $timeFactory;
42+
/** @var array */
43+
private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];
4244

4345
/**
4446
* PasswordConfirmationMiddleware constructor.
@@ -73,7 +75,7 @@ public function beforeController($controller, $methodName) {
7375

7476
$lastConfirm = (int) $this->session->get('last-password-confirm');
7577
// we can't check the password against a SAML backend, so skip password confirmation in this case
76-
if ($backendClassName !== 'user_saml' && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
78+
if (!isset($this->excludedUserBackEnds[$backendClassName]) && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
7779
throw new NotConfirmedException();
7880
}
7981
}

lib/private/Template/JSConfigHelper.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,9 @@ class JSConfigHelper {
7070
/** @var CapabilitiesManager */
7171
private $capabilitiesManager;
7272

73+
/** @var array user back-ends excluded from password verification */
74+
private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];
75+
7376
/**
7477
* @param IL10N $l
7578
* @param Defaults $defaults
@@ -158,7 +161,7 @@ public function getConfig() {
158161
$array = [
159162
"oc_debug" => $this->config->getSystemValue('debug', false) ? 'true' : 'false',
160163
"oc_isadmin" => $this->groupManager->isAdmin($uid) ? 'true' : 'false',
161-
"backendAllowsPasswordConfirmation" => $userBackend === 'user_saml'? 'false' : 'true',
164+
"backendAllowsPasswordConfirmation" => !isset($this->excludedUserBackEnds[$userBackend]) ? 'true' : 'false',
162165
"oc_dataURL" => is_string($dataLocation) ? "\"".$dataLocation."\"" : 'false',
163166
"oc_webroot" => "\"".\OC::$WEBROOT."\"",
164167
"oc_appswebroots" => str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution

0 commit comments

Comments
 (0)