lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 16:44:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

(auth/gui) make gui auth fallback explicit (instead of silently accepting local)

Browse Source
This commit is contained in:
Ad Schellevis 2016-05-18 14:53:11 +02:00
parent bb9daf3aee
commit 2578e7637e
2 changed files with 44 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/etc/inc/authgui.inc
View File

@ -182,14 +182,31 @@ function session_auth(&$Login_Error)
/* Validate incoming login request */
if (isset($_POST['login']) && !empty($_POST['usernamefld']) && !empty($_POST['passwordfld'])) {
$authcfg = auth_get_authserver("Local Database");
$authcfg_fallback = auth_get_authserver("Local Database");
if (isset($config['system']['webgui']['authmode'])) {
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
} else {
$authcfg = null;
}
if (!empty($config['system']['webgui']['authmode_fallback'])) {
if ($config['system']['webgui']['authmode_fallback'] == "__NO_FALLBACK__") {
// no fallback
$authcfg_fallback = false;
} else {
$authcfg_fallback = auth_get_authserver($config['system']['webgui']['authmode_fallback']);
}
}
if ($authcfg == $authcfg_fallback) {
// it doesn't make sense to fallback to the same authenticator
$authcfg_fallback = false;
}
// authenticate using config settings, or local if failed
if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) ||
authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) {
($authcfg_fallback !== false && authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg_fallback))
) {
// Generate a new id to avoid session fixation
session_regenerate_id();
$_SESSION['Logged_In'] = "True";

24
src/www/system_usermanager_settings.php
View File

@ -35,6 +35,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$pconfig['session_timeout'] = $config['system']['webgui']['session_timeout'];
$pconfig['authmode'] = $config['system']['webgui']['authmode'];
$pconfig['authmode_fallback'] = !empty($config['system']['webgui']['authmode_fallback']) ? $config['system']['webgui']['authmode_fallback'] : "Local Database";
$pconfig['backend'] = $config['system']['webgui']['backend'];
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
@ -65,6 +66,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['webgui']['authmode']);
}
if (!empty($pconfig['authmode_fallback'])) {
$config['system']['webgui']['authmode_fallback'] = $pconfig['authmode_fallback'];
} elseif (isset($config['system']['webgui']['authmode_fallback'])) {
unset($config['system']['webgui']['authmode_fallback']);
}
write_config();
}
}
@ -123,6 +130,23 @@ endif;?>
</select>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Authentication Server (fallback)"); ?></td>
<td>
<select name="authmode_fallback" class="selectpicker" data-style="btn-default" >
<?php
foreach (auth_get_authserver_list() as $auth_key => $auth_server) :?>
<option value="<?=$auth_key; ?>" <?=$auth_key == $pconfig['authmode_fallback'] ? "selected=\"selected\"" : "";?>>
<?=htmlspecialchars($auth_server['name']);?>
</option>
<?php
endforeach; ?>
<option value="__NO_FALLBACK__" <?= $pconfig['authmode_fallback'] == "__NO_FALLBACK__" ? "selected=\"selected\"" : "";?> >
<?=gettext("--No Fallback--");?>
</option>
</select>
</td>
</tr>
<tr>
<td></td>
<td>