[password session] Disable for non-database users

2025-09-17 15:53:28 +00:00 · 2019-01-02 11:11:16 +08:00
parent fac93bfe82
commit aa699dd40f
1 changed files with 5 additions and 1 deletions
--- a/seahub/password_session/middleware.py
+++ b/seahub/password_session/middleware.py
@@ -8,5 +8,9 @@ class CheckPasswordHash(object):
    """Logout user if value of hash key in session is not equal to current password hash"""
    def process_view(self, request, *args, **kwargs):
        if getattr(request.user, 'is_authenticated') and request.user.is_authenticated():
+            if request.user.enc_password == '!':
+                # Disable for LDAP/Shibboleth/SAML/... users.
+                return None
+
            if request.session.get(PASSWORD_HASH_KEY) != get_password_hash(request.user):
                logout(request)