only use autologin with SSL certificate when AUTO_LOGIN is enabled, otherwise redirect to login form as with remote auth

This commit is contained in:
Andrew Dolgov 2011-03-28 13:03:43 +04:00
parent a4cd9d58ff
commit bf9fc06072
3 changed files with 16 additions and 21 deletions

View File

@ -133,9 +133,12 @@
// used to integrate tt-rss with Apache's external authentication modules.
define('AUTO_LOGIN', false);
// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
// to skip the login form. If set to true, users won't be able to
// set application language and settings profile.
// Set this to true if you use ALLOW_REMOTE_USER_AUTH or client SSL
// certificate authentication and you want to skip the login form.
// If set to true, users won't be able to set application language
// and settings profile.
// Otherwise users will be redirected to login form with their login
// information pre-filled.
define('LOCK_DIRECTORY', 'lock');
// Directory for lockfiles, must be writable to the user you run

View File

@ -1784,18 +1784,17 @@
return "";
}
function get_remote_user() {
$remote_user = "";
function get_remote_user($link) {
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
$remote_user = $_SERVER["REMOTE_USER"];
return db_escape_string($_SERVER["REMOTE_USER"]);
}
return db_escape_string($remote_user);
return db_escape_string(get_login_by_ssl_certificate($link));
}
function get_remote_fakepass() {
if (get_remote_user())
function get_remote_fakepass($link) {
if (get_remote_user($link))
return "******";
else
return "";
@ -1809,10 +1808,7 @@
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
$remote_user = get_remote_user();
if (!$remote_user)
$remote_user = get_login_by_ssl_certificate($link);
$remote_user = get_remote_user($link);
if ($remote_user && $login != "admin") {
@ -2006,13 +2002,9 @@
}
if (!$_SESSION["uid"] || !validate_session($link)) {
$cert_login = get_login_by_ssl_certificate($link);
if ($cert_login) {
authenticate_user($link, $cert_login, null);
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
} else if (get_remote_user() && AUTO_LOGIN) {
authenticate_user($link, get_remote_user(), null);
if (get_remote_user($link) && AUTO_LOGIN) {
authenticate_user($link, get_remote_user($link), null);
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
} else {
render_login_form($link, $mobile);

View File

@ -131,11 +131,11 @@ function validateLoginForm(f) {
<tr><td align="right"><?php echo __("Login:") ?></td>
<td align="right"><input name="login"
onchange="fetchProfiles()" onfocus="fetchProfiles()"
value="<?php echo get_remote_user() ?>"></td></tr>
value="<?php echo get_remote_user($link) ?>"></td></tr>
<tr><td align="right"><?php echo __("Password:") ?></td>
<td align="right"><input type="password" name="password"
onchange="fetchProfiles()" onfocus="fetchProfiles()"
value="<?php echo get_remote_fakepass() ?>"></td></tr>
value="<?php echo get_remote_fakepass($link) ?>"></td></tr>
<tr><td align="right"><?php echo __("Language:") ?></td>
<td align="right">
<?php