Commit 6d26186e authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(auth/gui) make gui auth fallback explicit (instead of silently accepting local)

(cherry picked from commit 2578e763)
parent f5596d78
......@@ -182,14 +182,31 @@ function session_auth(&$Login_Error)
/* Validate incoming login request */
if (isset($_POST['login']) && !empty($_POST['usernamefld']) && !empty($_POST['passwordfld'])) {
$authcfg = auth_get_authserver("Local Database");
$authcfg_fallback = auth_get_authserver("Local Database");
if (isset($config['system']['webgui']['authmode'])) {
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
} else {
$authcfg = null;
}
if (!empty($config['system']['webgui']['authmode_fallback'])) {
if ($config['system']['webgui']['authmode_fallback'] == "__NO_FALLBACK__") {
// no fallback
$authcfg_fallback = false;
} else {
$authcfg_fallback = auth_get_authserver($config['system']['webgui']['authmode_fallback']);
}
}
if ($authcfg == $authcfg_fallback) {
// it doesn't make sense to fallback to the same authenticator
$authcfg_fallback = false;
}
// authenticate using config settings, or local if failed
if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) ||
authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) {
($authcfg_fallback !== false && authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg_fallback))
) {
// Generate a new id to avoid session fixation
session_regenerate_id();
$_SESSION['Logged_In'] = "True";
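Review bot: The `$authcfg_fallback !== false` guard in the login condition only excludes the explicit `__NO_FALLBACK__` case and the same-authenticator case. What `auth_get_authserver()` returns for a name that no longer exists is not visible here; if it is null or an empty value, the second `authenticate_user()` call still runs with an empty config and may default to the local database, which is the silent fallback this commit sets out to remove. The same question applies to `$authcfg` when `authmode` names a server that has been deleted. Consider `(!empty($authcfg_fallback) && authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg_fallback))`, and update the now stale comment `// authenticate using config settings, or local if failed` to describe the explicit fallback. The body of session_auth continues outside the hunk.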
......
......@@ -35,6 +35,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$pconfig['session_timeout'] = $config['system']['webgui']['session_timeout'];
$pconfig['authmode'] = $config['system']['webgui']['authmode'];
$pconfig['authmode_fallback'] = !empty($config['system']['webgui']['authmode_fallback']) ? $config['system']['webgui']['authmode_fallback'] : "Local Database";
$pconfig['backend'] = $config['system']['webgui']['backend'];
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
......@@ -65,6 +66,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['webgui']['authmode']);
}
if (!empty($pconfig['authmode_fallback'])) {
$config['system']['webgui']['authmode_fallback'] = $pconfig['authmode_fallback'];
} elseif (isset($config['system']['webgui']['authmode_fallback'])) {
unset($config['system']['webgui']['authmode_fallback']);
}
write_config();
}
}
......@@ -123,6 +130,23 @@ endif;?>
</select>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Authentication Server (fallback)"); ?></td>
<td>
<select name="authmode_fallback" class="selectpicker" data-style="btn-default" >
<?php
foreach (auth_get_authserver_list() as $auth_key => $auth_server) :?>
<option value="<?=$auth_key; ?>" <?=$auth_key == $pconfig['authmode_fallback'] ? "selected=\"selected\"" : "";?>>
<?=htmlspecialchars($auth_server['name']);?>
</option>
<?php
endforeach; ?>
<option value="__NO_FALLBACK__" <?= $pconfig['authmode_fallback'] == "__NO_FALLBACK__" ? "selected=\"selected\"" : "";?> >
<?=gettext("--No Fallback--");?>
</option>
</select>
</td>
</tr>
<tr>
<td></td>
<td>
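Review bot: The save branch copies `$pconfig['authmode_fallback']` from `$_POST` into `$config['system']['webgui']['authmode_fallback']` with no visible check that it is either `__NO_FALLBACK__` or a key of `auth_get_authserver_list()`. Validation may exist above the hunk, which starts mid-block. Because this value selects the authenticator the login path falls back to, an unknown name should be rejected before `write_config()`, for example by testing it with `array_key_exists($pconfig['authmode_fallback'], auth_get_authserver_list())` and reporting an input error otherwise. In the new `<select>`, `value="<?=$auth_key; ?>"` is emitted unescaped while the label next to it goes through `htmlspecialchars()`; `<?=htmlspecialchars($auth_key, ENT_QUOTES);?>` would keep a server name containing quotes from breaking out of the attribute.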
......