| author | Andrew Dolgov <fox@fakecake.org> | 2025-03-14 11:32:46 +0300 |
|---|---|---|
| committer | Andrew Dolgov <fox@fakecake.org> | 2025-03-14 11:43:25 +0300 |
| commit | d373c1f978b4e4aae0b17ae696e73d46ffd40aee (patch) | |
| tree | 6299d4f3cac0238fb158d1f839d9e4bfc90f18c3 /classes | |
| parent | 1fc4eed6cd9d887b52ea09bab6bd1ff75c79c25c (diff) | |
add Config::DISABLE_LOGIN_FORM to allow limiting logins to SSO providers
Diffstat (limited to 'classes')
| -rw-r--r-- | classes/Config.php | 6 | ||||
| -rw-r--r-- | classes/Handler_Public.php | 7 |
2 files changed, 12 insertions, 1 deletions
diff --git a/classes/Config.php b/classes/Config.php
index a7c0a04b2..92037ff74 100644
--- a/classes/Config.php
+++ b/classes/Config.php
@@ -189,6 +189,9 @@ class Config {
  /** delay updates for this feed if received HTTP 429 (Too Many Requests) for this amount of seconds (base value, actual delay is base...base*2) */
  const HTTP_429_THROTTLE_INTERVAL = "HTTP_429_THROTTLE_INTERVAL";
 
+ /** disables login form controls except HOOK_LOGINFORM_ADDITIONAL_BUTTONS (for SSO providers), also prevents logging in through auth_internal */
+ const DISABLE_LOGIN_FORM = "DISABLE_LOGIN_FORM";
+
  /** default values for all global configuration options */
  private const _DEFAULTS = [
  Config::DB_TYPE => [ "pgsql", Config::T_STRING ],
@@ -245,7 +248,8 @@ class Config {
  Config::AUTH_MIN_INTERVAL => [ 5, Config::T_INT ],
  Config::HTTP_USER_AGENT => [ 'Tiny Tiny RSS/%s (https://tt-rss.org/)', Config::T_STRING ],
- Config::HTTP_429_THROTTLE_INTERVAL => [ 3600, Config::T_INT ]
+ Config::HTTP_429_THROTTLE_INTERVAL => [ 3600, Config::T_INT ],
+ Config::DISABLE_LOGIN_FORM => [ "", Config::T_BOOL ]
  ];
 
  private static ?Config $instance = null;
diff --git a/classes/Handler_Public.php b/classes/Handler_Public.php
index efa26646b..abff08376 100644
--- a/classes/Handler_Public.php
+++ b/classes/Handler_Public.php
@@ -431,6 +431,13 @@ class Handler_Public extends Handler {
  }
 
  function forgotpass(): void {
+ if (Config::get(Config::DISABLE_LOGIN_FORM) || !str_contains(Config::get(Config::PLUGINS), "auth_internal")) {
+ header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden");
+ echo "Forbidden.";
+
+ return;
+ }
+
  startup_gettext();
  session_start();
 
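Review bot: The docblock on the new DISABLE_LOGIN_FORM constant in the first hunk of classes/Config.php states that the option "also prevents logging in through auth_internal", but nothing in this diff enforces that, and the diffstat is limited to classes/, so the enforcement presumably lives elsewhere (likely the auth_internal plugin). A reader auditing Config.php alone cannot verify a security claim made only in a comment, so the docblock should name the code path that performs the check once that is confirmed, e.g. `/** disables login form controls except HOOK_LOGINFORM_ADDITIONAL_BUTTONS (for SSO providers); auth_internal logins and Handler_Public::forgotpass() are refused when set (see the respective checks) */`. The constant and its default in the second hunk are otherwise consistent with the surrounding entries.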
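Review bot: The plugin check in the new guard at the top of forgotpass() uses `str_contains(Config::get(Config::PLUGINS), "auth_internal")`, which is a substring match; if PLUGINS is the comma-separated plugin list it appears to be, any plugin whose name merely contains `auth_internal` would satisfy it and keep the password-reset endpoint open even when auth_internal itself is not loaded. Splitting the list and testing strict membership avoids that: `$plugins = array_map(trim(...), explode(',', Config::get(Config::PLUGINS)));` followed by `if (Config::get(Config::DISABLE_LOGIN_FORM) || !in_array('auth_internal', $plugins, true)) {`. The status could also be set with `http_response_code(403);` rather than reading `$_SERVER["SERVER_PROTOCOL"]`, which is not guaranteed to be populated outside a web SAPI. The body of forgotpass() continues past the end of the hunk, and whether the login action itself receives the same guard is outside this diff.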