haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-17 15:53:28 +00:00
Code Issues Releases Wiki Activity

[password session] Disable for non-database users

Browse Source
This commit is contained in:
zhengxie
2019-01-02 11:11:16 +08:00
parent fac93bfe82
commit aa699dd40f
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
seahub/password_session/middleware.py
View File

@@ -8,5 +8,9 @@ class CheckPasswordHash(object):
"""Logout user if value of hash key in session is not equal to current password hash""" """Logout user if value of hash key in session is not equal to current password hash"""
def process_view(self, request, *args, **kwargs): def process_view(self, request, *args, **kwargs):
if getattr(request.user, 'is_authenticated') and request.user.is_authenticated(): if getattr(request.user, 'is_authenticated') and request.user.is_authenticated():
if request.user.enc_password == '!':
# Disable for LDAP/Shibboleth/SAML/... users.
return None
if request.session.get(PASSWORD_HASH_KEY) != get_password_hash(request.user): if request.session.get(PASSWORD_HASH_KEY) != get_password_hash(request.user):
logout(request) logout(request)