Partial Fix FS#1085
This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication information is rechecked. The default value is set to 900 seconds (15 minutes). Wiki installations particularly concerned about security should set this value to 0. DokuWiki maintains a copy of the most recent authentication details in both a browser cookie and server session. Normally these values are compared on each page visit. If the comparison passes the user is accepted. The same data will be used over and over until either the cookie or the session expires. FS#1085 is concerned with updates to the original authentication data not being able to affect this comparison. The new 'auth_security_timeout' setting will force expiration of the saved data after the specified period has elapsed. Re-authentication may affect page response, especially on systems which use remote authentication systems. This fix is considered partial and should be reviewed after the next release with a view to extending the authentication class to allow those mechanisms which are able to control when DW should revoke authentication. darcs-hash:20070528194747-d26fc-f471004da604eb66f7131c470e446b98c29d801b.gz
This commit is contained in:
parent
3848a0dded
commit
4c9890379d
|
@ -68,6 +68,7 @@ $conf['manager'] = '!!not set!!'; //The manager can be user or @group
|
|||
$conf['profileconfirm'] = '1'; //Require current password to confirm changes to user profile
|
||||
$conf['disableactions'] = ''; //comma separated list of actions to disable
|
||||
$conf['sneaky_index'] = 0; //check for namespace read permission in index view (0|1) (1 might cause unexpected behavior)
|
||||
$conf['auth_security_timeout'] = 900; //time (seconds) auth data is considered valid, set to 0 to recheck on every page view
|
||||
|
||||
/* Advanced Options */
|
||||
|
||||
|
|
|
@ -138,6 +138,8 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
|
|||
$_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
|
||||
$_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
|
||||
$_SESSION[DOKU_COOKIE]['auth']['time'] = time();
|
||||
|
||||
return true;
|
||||
}else{
|
||||
//invalid credentials - log off
|
||||
|
@ -154,6 +156,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
|
|||
if($user && $pass){
|
||||
// we got a cookie - see if we can trust it
|
||||
if(isset($session) &&
|
||||
($session['time'] >= time()-$conf['auth_security_timeout']) &&
|
||||
($session['user'] == $user) &&
|
||||
($session['pass'] == $pass) && //still crypted
|
||||
($session['buid'] == auth_browseruid()) ){
|
||||
|
|
|
@ -97,6 +97,7 @@ $lang['disableactions_subscription'] = 'Subscribe/Unsubscribe';
|
|||
$lang['disableactions_wikicode'] = 'View source/Export Raw';
|
||||
$lang['disableactions_other'] = 'Other actions (comma separated)';
|
||||
$lang['sneaky_index'] = 'By default, DokuWiki will show all namespaces in the index view. Enabling this option will hide those where the user doesn\'t have read permissions. This might result in hiding of accessable subnamespaces. This may make the index unusable with certain ACL setups.';
|
||||
$lang['auth_security_timeout'] = 'Authentication Security Timeout (seconds)';
|
||||
|
||||
/* Advanced Options */
|
||||
$lang['updatecheck'] = 'Check for updates and security warnings? DokuWiki needs to contact splitbrain.org for this feature.';
|
||||
|
|
|
@ -118,6 +118,7 @@ $meta['disableactions'] = array('disableactions',
|
|||
'_choices' => array('backlink','index','recent','revisions','search','subscription','register','resendpwd','profile','edit','wikicode','check'),
|
||||
'_combine' => array('subscription' => array('subscribe','unsubscribe'), 'wikicode' => array('source','export_raw')));
|
||||
$meta['sneaky_index'] = array('onoff');
|
||||
$meta['auth_security_timeout'] = array('numeric');
|
||||
|
||||
$meta['_anti_spam'] = array('fieldset');
|
||||
$meta['usewordblock']= array('onoff');
|
||||
|
|
Loading…
Reference in New Issue