only use autologin with SSL certificate when AUTO_LOGIN is enabled, otherwise redirect to login form as with remote auth
This commit is contained in:
Andrew Dolgov
parent
a4cd9d58ff
commit
bf9fc06072
|
|
@ -133,9 +133,12 @@
|
|||
// used to integrate tt-rss with Apache's external authentication modules.
|
||||
|
||||
define('AUTO_LOGIN', false);
|
||||
// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
|
||||
// to skip the login form. If set to true, users won't be able to
|
||||
// set application language and settings profile.
|
||||
// Set this to true if you use ALLOW_REMOTE_USER_AUTH or client SSL
|
||||
// certificate authentication and you want to skip the login form.
|
||||
// If set to true, users won't be able to set application language
|
||||
// and settings profile.
|
||||
// Otherwise users will be redirected to login form with their login
|
||||
// information pre-filled.
|
||||
|
||||
define('LOCK_DIRECTORY', 'lock');
|
||||
// Directory for lockfiles, must be writable to the user you run
|
||||
|
|
|
|||
|
|
@ -1784,18 +1784,17 @@
|
|||
return "";
|
||||
}
|
||||
|
||||
function get_remote_user() {
|
||||
$remote_user = "";
|
||||
function get_remote_user($link) {
|
||||
|
||||
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
|
||||
$remote_user = $_SERVER["REMOTE_USER"];
|
||||
return db_escape_string($_SERVER["REMOTE_USER"]);
|
||||
}
|
||||
|
||||
return db_escape_string($remote_user);
|
||||
return db_escape_string(get_login_by_ssl_certificate($link));
|
||||
}
|
||||
|
||||
function get_remote_fakepass() {
|
||||
if (get_remote_user())
|
||||
function get_remote_fakepass($link) {
|
||||
if (get_remote_user($link))
|
||||
return "******";
|
||||
else
|
||||
return "";
|
||||
|
|
@ -1809,10 +1808,7 @@
|
|||
$pwd_hash2 = encrypt_password($password, $login);
|
||||
$login = db_escape_string($login);
|
||||
|
||||
$remote_user = get_remote_user();
|
||||
|
||||
if (!$remote_user)
|
||||
$remote_user = get_login_by_ssl_certificate($link);
|
||||
$remote_user = get_remote_user($link);
|
||||
|
||||
if ($remote_user && $login != "admin") {
|
||||
|
||||
|
|
@ -2006,13 +2002,9 @@
|
|||
}
|
||||
|
||||
if (!$_SESSION["uid"] || !validate_session($link)) {
|
||||
$cert_login = get_login_by_ssl_certificate($link);
|
||||
|
||||
if ($cert_login) {
|
||||
authenticate_user($link, $cert_login, null);
|
||||
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
|
||||
} else if (get_remote_user() && AUTO_LOGIN) {
|
||||
authenticate_user($link, get_remote_user(), null);
|
||||
if (get_remote_user($link) && AUTO_LOGIN) {
|
||||
authenticate_user($link, get_remote_user($link), null);
|
||||
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
|
||||
} else {
|
||||
render_login_form($link, $mobile);
|
||||
|
|
|
|||
|
|
@ -131,11 +131,11 @@ function validateLoginForm(f) {
|
|||
<tr><td align="right"><?php echo __("Login:") ?></td>
|
||||
<td align="right"><input name="login"
|
||||
onchange="fetchProfiles()" onfocus="fetchProfiles()"
|
||||
value="<?php echo get_remote_user() ?>"></td></tr>
|
||||
value="<?php echo get_remote_user($link) ?>"></td></tr>
|
||||
<tr><td align="right"><?php echo __("Password:") ?></td>
|
||||
<td align="right"><input type="password" name="password"
|
||||
onchange="fetchProfiles()" onfocus="fetchProfiles()"
|
||||
value="<?php echo get_remote_fakepass() ?>"></td></tr>
|
||||
value="<?php echo get_remote_fakepass($link) ?>"></td></tr>
|
||||
<tr><td align="right"><?php echo __("Language:") ?></td>
|
||||
<td align="right">
|
||||
<?php
|
||||
|
|
|
|||
Loading…
Reference in New Issue