only use trust_basic_auth if auth_basic is used

dennisreimann · Jun 20, 2011 · da866a1 · da866a1
1 parent 98e301b
commit da866a1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/app/models/account.rb b/app/models/account.rb
@@ -67,7 +67,7 @@ def has_otp_device?
 
   # Authenticates a user by their login name and password.
   # Returns the user or nil.
-  def self.authenticate(login, password)
+  def self.authenticate(login, password, basic_auth_used=false)
     a = Account.find_by_login(login)
     if a.nil? and Masquerade::Application::Config['create_auth_ondemand']['enabled']
       # Need to set some password - but is never used
@@ -76,7 +76,7 @@ def self.authenticate(login, password)
     end
 
     if not a.nil? and a.active? and a.enabled
-      if a.authenticated?(password) or Masquerade::Application::Config['trust_basic_auth']
+      if a.authenticated?(password) or (Masquerade::Application::Config['trust_basic_auth'] and basic_auth_used)
         a.last_authenticated_at, a.last_authenticated_with_yubikey = Time.now, a.authenticated_with_yubikey?
         a.save(:validate => false)
         return a

diff --git a/lib/authenticated_system.rb b/lib/authenticated_system.rb
@@ -110,7 +110,7 @@ def auth_type_used= t
     # Called from #current_account.  Now, attempt to login by basic authentication information.
     def login_from_basic_auth
       authenticate_with_http_basic do |accountname, password|
-        account = Account.authenticate(accountname, password)
+        account = Account.authenticate(accountname, password, true)
         self.auth_type_used = :basic if not account.nil?
         self.current_account = account
         account