kolab_2fa: Allow kolab_auth'enticated admins to change user's 2FA settings (add/remove factors)
parent
de3a536daa
commit
2dc22ac017
2 changed files with 17 additions and 17 deletions
|
@ -128,11 +128,6 @@ window.rcmail && rcmail.addEventListener('init', function(evt) {
|
|||
* Remove the given factor from the account
|
||||
*/
|
||||
function remove_factor(id) {
|
||||
if (rcmail.env.kolab_2fa_factors[id]) {
|
||||
rcmail.env.kolab_2fa_factors[id].active = false;
|
||||
}
|
||||
render();
|
||||
|
||||
var lock = rcmail.set_busy(true, 'saving');
|
||||
rcmail.http_post('plugin.kolab-2fa-save', { _method: id, _data: 'false' }, lock);
|
||||
}
|
||||
|
@ -184,7 +179,7 @@ window.rcmail && rcmail.addEventListener('init', function(evt) {
|
|||
function require_high_security(func, exclude)
|
||||
{
|
||||
// request 2nd factor auth
|
||||
if (!rcmail.env.session_secured || rcmail.env.session_secured < time() - 120) {
|
||||
if (rcmail.env.session_secured !== true && rcmail.env.session_secured < time() - 180) {
|
||||
var method, name;
|
||||
|
||||
// find an active factor
|
||||
|
@ -327,7 +322,7 @@ window.rcmail && rcmail.addEventListener('init', function(evt) {
|
|||
|
||||
// callback for save failure
|
||||
rcmail.addEventListener('plugin.reset_form', function(method) {
|
||||
if (rcmail.env.kolab_2fa_factors[method]) {
|
||||
if (method && rcmail.env.kolab_2fa_factors[method]) {
|
||||
rcmail.env.kolab_2fa_factors[method].active = false;
|
||||
}
|
||||
|
||||
|
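Review bot: The rewritten guard in require_high_security() fails open when `rcmail.env.session_secured` is undefined: `undefined !== true` holds, but `undefined < time() - 180` is false, so the second-factor prompt is skipped, which the removed `!rcmail.env.session_secured ||` test did not allow. The PHP side now always sets the value, so this only matters if the env entry is ever missing, but a fail-closed form costs nothing: `if (rcmail.env.session_secured !== true && !(rcmail.env.session_secured >= time() - 180)) {`. This check only decides whether the prompt is shown; the visible hunks do not show whether the `plugin.kolab-2fa-save` handler enforces the same condition on the server, which is worth confirming now that the admin path skips the prompt entirely. The body of require_high_security() continues outside the hunk.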
|
|
@ -422,10 +422,7 @@ class kolab_2fa extends rcube_plugin
|
|||
$this->include_script('kolab2fa.js');
|
||||
$this->include_stylesheet($this->local_skin_path() . '/kolab2fa.css');
|
||||
|
||||
if ($this->check_secure_mode()) {
|
||||
$this->api->output->set_env('session_secured', $_SESSION['kolab_2fa_secure_mode']);
|
||||
}
|
||||
|
||||
$this->api->output->set_env('session_secured', $this->check_secure_mode());
|
||||
$this->api->output->add_label('save','cancel');
|
||||
$this->api->output->set_pagetitle($this->gettext('settingstitle'));
|
||||
$this->api->output->send('kolab_2fa.config');
|
||||
|
@ -671,7 +668,7 @@ class kolab_2fa extends rcube_plugin
|
|||
}
|
||||
else if ($errors) {
|
||||
$this->api->output->show_message($this->gettext('factorsaveerror'), 'error');
|
||||
$this->api->output->command('plugin.reset_form', $method);
|
||||
$this->api->output->command('plugin.reset_form', $data !== false ? $method : null);
|
||||
}
|
||||
|
||||
$this->api->output->send();
|
||||
|
@ -779,12 +776,20 @@ class kolab_2fa extends rcube_plugin
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Check whether the session is secured with 2FA (excluding the logon)
|
||||
*/
|
||||
protected function check_secure_mode()
|
||||
{
|
||||
$valid = ($_SESSION['kolab_2fa_secure_mode'] && $_SESSION['kolab_2fa_secure_mode'] > time() - 180);
|
||||
return $valid;
|
||||
}
|
||||
// Allow admins that used kolab_auth's "login as" feature to act without
|
||||
// being asked for the user's second factor
|
||||
if (!empty($_SESSION['kolab_auth_admin']) && !empty($_SESSION['kolab_auth_password'])) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
if ($_SESSION['kolab_2fa_secure_mode'] && $_SESSION['kolab_2fa_secure_mode'] > time() - 180) {
|
||||
return $_SESSION['kolab_2fa_secure_mode'];
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
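Review bot: The new early `return true` in check_secure_mode() treats any session carrying `kolab_auth_admin` and `kolab_auth_password` as secured for its whole lifetime, so an impersonating admin can add or remove a user's factors with no step-up and no 180-second expiry, and nothing in the visible hunks records who made the change. Because removing a factor weakens the user's account, I would at least write an audit entry naming the admin and the affected factor where the save succeeds (that handler is only partly visible here), and consider making the bypass opt-in through plugin configuration. The function now returns `true`, a timestamp or `false`, which the docblock should state, for example `@return bool|int True for a kolab_auth admin session, the time of the last 2FA verification while still valid, false otherwise`. The session read would also avoid an undefined-index notice if written as `!empty($_SESSION['kolab_2fa_secure_mode']) && $_SESSION['kolab_2fa_secure_mode'] > time() - 180`.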