mirror of
https://gitlab.com/davical-project/davical.git
synced 2026-03-13 08:00:15 +00:00
Remove default expiry times, make 0 disabled.
This commit is contained in:
Andrew Ruthven
parent
3c475a283c
commit
af458f9d90
@ -636,7 +636,8 @@ $c->admin_email = 'calendar-admin@example.com';
|
||||
*
|
||||
* Both the hash and the per user salt are stored in memcached. The hash has
|
||||
* an expiry set as either $c->auth_cache_pass or $c->auth_cache_fail as
|
||||
* appropriate.
|
||||
* appropriate. You must enable either (or both) of these with suitable
|
||||
* expiry times (15 minutes?) based on your requirements.
|
||||
*
|
||||
* Default: false
|
||||
*/
|
||||
@ -652,18 +653,19 @@ $c->admin_email = 'calendar-admin@example.com';
|
||||
// $c->auth_cache_secret = NULL;
|
||||
|
||||
/**
|
||||
* How long to cache credentials which username & password match.
|
||||
* How long to cache credentials where username & password match (seconds).
|
||||
*
|
||||
* Default: 15 minutes
|
||||
* Default: 0 (aka don't cache passwords that match)
|
||||
*/
|
||||
// $c->auth_cache_pass = 15 * 60;
|
||||
// $c->auth_cache_pass = 0;
|
||||
|
||||
/**
|
||||
* How long to cache credentials which username & password don't match.
|
||||
* How long to cache credentials where username & password don't match
|
||||
* (seconds).
|
||||
*
|
||||
* Default: 15 minutes
|
||||
* Default: 0 (aka don't cache passwords that don't match)
|
||||
*/
|
||||
// $c->auth_cache_fail = 15 * 60;
|
||||
// $c->auth_cache_fail = 0;
|
||||
|
||||
/***************************************************************************
|
||||
* *
|
||||
|
||||
@ -167,8 +167,8 @@ $c->rrule_loop_limit = 100;
|
||||
|
||||
// Authentication caching details
|
||||
$c->auth_cache = false; // Default to off
|
||||
$c->auth_cache_pass = 15 * 60; // 15 minutes
|
||||
$c->auth_cache_fail = 15 * 60; // 15 minutes
|
||||
$c->auth_cache_pass = 0; // Default to off
|
||||
$c->auth_cache_fail = 0; // Default to off
|
||||
|
||||
// Kind of private configuration values
|
||||
$c->total_query_time = 0;
|
||||
|
||||
@ -506,6 +506,25 @@ class HTTPAuthSession {
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Work out the expiry to use, some sites might prefer different TTLs for
|
||||
# pass/fail results.
|
||||
if ($state === 'pass') {
|
||||
$expiry = $c->auth_cache_pass;
|
||||
} else if ($state === 'fail') {
|
||||
$expiry = $c->auth_cache_fail;
|
||||
} else {
|
||||
dbg_error_log('ERROR', 'HTTPCheckCache: SetCache: Unexpected state %s, bailing out from caching credential.', $state);
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Only cache if the expiry is set to non-zero. This allows disabling
|
||||
# caching on a pass or fail basis.
|
||||
if ($expiry == 0) {
|
||||
dbg_error_log('ERROR', 'HTTPCheckCache: SetCache: Expiry set to 0, not caching credential.', $state);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
$cache = getCacheInstance();
|
||||
if ($cache->isActive() === false) return 0;
|
||||
|
||||
@ -533,17 +552,6 @@ class HTTPAuthSession {
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Work out the expiry to use, some sites might prefer different TTLs for
|
||||
# pass/fail results.
|
||||
if ($state === 'pass') {
|
||||
$expiry = $c->auth_cache_pass;
|
||||
} else if ($state === 'fail') {
|
||||
$expiry = $c->auth_cache_fail;
|
||||
} else {
|
||||
dbg_error_log('ERROR', 'HTTPCheckCache: SetCache: Unexpected state %s, bailing out from caching credential.', $state);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (! $cache->set($cache_ns, $hash, $state, $expiry) ) {
|
||||
dbg_error_log('ERROR', 'HTTPCheckCache: SetCache: Failed to store credential.');
|
||||
return 0;
|
||||
|
||||
@ -163,8 +163,8 @@ $c->readonly_webdav_collections = true; // WebDAV access is readonly
|
||||
|
||||
// Authentication caching details
|
||||
$c->auth_cache = false; // Default to off
|
||||
$c->auth_cache_pass = 15 * 60; // 15 minutes
|
||||
$c->auth_cache_fail = 15 * 60; // 15 minutes
|
||||
$c->auth_cache_pass = 0; // Default to off
|
||||
$c->auth_cache_fail = 0; // Default to off
|
||||
|
||||
// Kind of private configuration values
|
||||
$c->total_query_time = 0;
|
||||
|
||||
@ -28,6 +28,8 @@
|
||||
// if testing cached of auth with memcache
|
||||
//memcache_auth $c->auth_cache = true;
|
||||
//memcache_auth $c->auth_cache_secret = 'not safe, regression testing only';
|
||||
//memcache_auth $c->auth_cache_pass = 15 * 60;
|
||||
//memcache_auth $c->auth_cache_fail = 15 * 60;
|
||||
|
||||
// if testing LDAP
|
||||
//ldap $c->authenticate_hook['call'] = 'LDAP_check';
|
||||
|
||||
@ -81,9 +81,9 @@ if (defined $request_id) {
|
||||
while (<$log>) {
|
||||
if (/davical: $request_id: ALL: (HTTPAuthLogin:CheckCache|LDAP:drivers_ldap ): (.*)/) {
|
||||
my $msg = $2;
|
||||
if ($msg =~ /^No salt, assuming no cached credentials/) {
|
||||
if ($msg =~ /^No stored salt for ldap2,/) {
|
||||
$no_salt = 1;
|
||||
} elsif ($msg =~ /^Cached credentials are good and invalid/) {
|
||||
} elsif ($msg =~ /^Cached credentials for ldap2 are good and invalid/) {
|
||||
$cached_creds = 1;
|
||||
} elsif ($msg =~ /^Connected to LDAP server/) {
|
||||
$ldap_conn = 1;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user