From e299c241df23770efbb6f5c833d77edcdeed7410 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Tue, 16 Oct 2012 01:08:05 +0200
Subject: [PATCH] Make enhanced auth configurable

---
 config/config.sample.php |  3 +++
 lib/json.php             | 10 ++++++----
 lib/util.php             | 26 +++++++++++++++-----------
 3 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index 762633c7832..f2fd948418f 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -30,6 +30,9 @@ $CONFIG = array(
 /* Force use of HTTPS connection (true = use HTTPS) */
 "forcessl" => false,
 
+/* Enhanced auth forces users to enter their password again when performing potential sensitive actions like creating or deleting users */
+"enhancedauth" => true,
+
 /* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
 "enhancedauthtime" => 15 * 60,
 
diff --git a/lib/json.php b/lib/json.php
index b828f35f345..cc504907261 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -83,10 +83,12 @@ class OC_JSON{
 	* Check if the user verified the login with his password
 	*/
 	public static function verifyUser() {
-		if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
-			$l = OC_L10N::get('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
-			exit();
+		if(OC_Config::getValue('enhancedauth', true) === true) {
+			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+				$l = OC_L10N::get('lib');
+				self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+				exit();
+			}
 		}
 	}
 	
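Review bot: The new guard `if(OC_Config::getValue('enhancedauth', true) === true)` fails open on any value that is not strictly boolean true: an admin who writes `"enhancedauth" => 1` or `'true'` in config.php silently disables the password re-check, and the same pattern is repeated in both lib/util.php hunks (verifyUser and isUserVerified). Treating only an explicit false as the opt-out keeps a mistyped value on the safe side, e.g. `if(OC_Config::getValue('enhancedauth', true) !== false) {`. The config.sample.php comment could then say that the option must be set to boolean false to disable the re-authentication prompt.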
diff --git a/lib/util.php b/lib/util.php
index 873562cbc1f..5771b89f265 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -391,17 +391,19 @@ class OC_Util {
 	* If not, the user will be shown a password verification page
 	*/
 	public static function verifyUser() {
-		// Check password to set session
-		if(isset($_POST['password'])) {
-			if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
-				$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
+		if(OC_Config::getValue('enhancedauth', true) === true) {
+					// Check password to set session
+			if(isset($_POST['password'])) {
+				if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
+					$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
+				}
 			}
-		}
 
 		// Check if the user verified his password
-		if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
-			OC_Template::printGuestPage("", "verify",  array('username' => OC_User::getUser()));
-			exit();
+			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+				OC_Template::printGuestPage("", "verify",  array('username' => OC_User::getUser()));
+				exit();
+			}
 		}
 	}
 
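Review bot: The comment `// Check password to set session` is indented three tabs deeper than the `if(isset($_POST['password']))` it describes, and the blank context line after the password block still sits at the old nesting level, so the new structure is hard to read. Re-indent the comment to the same depth as that `if` (two tabs) and align the blank line with the surrounding block. The rest of the hunk is a pure re-nesting of the existing logic, so no behavioural point beyond the one raised on lib/json.php.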
@@ -410,10 +412,12 @@ class OC_Util {
 	* @return bool
 	*/
 	public static function isUserVerified() {
-		if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
-			return false;
+		if(OC_Config::getValue('enhancedauth', true) === true) {
+			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
+				return false;
+			}
+			return true;
 		}
-		return true;
 	}
 	
 	/**
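Review bot: isUserVerified() now has no return statement at all when enhancedauth is disabled, so it yields null despite the `@return bool` docblock; any caller that checks `=== true` will treat every user as unverified, which is the opposite of what turning the option off is meant to do. Move the success path outside the config check: keep `return false;` inside the inner `if`, drop the `return true;` from inside the outer block, and end the method with `return true;` after the outer `}`. That way a disabled option counts as verified and the method always returns a bool.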
-- 
GitLab