add default token auth config on install, upgrade and add it to sample config

8 years ago · a922957f76
parent 28ce7dd262
commit a922957f76
2 changed files with 10 additions and 0 deletions
--- a/config/config.sample.php
+++ b/config/config.sample.php
@ -194,6 +194,13 @@ $CONFIG = array(
 */
 'session_keepalive' => true,

+/**
+ * Enforce token authentication for clients, which blocks requests using the user
+ * password for enhanced security. Users need to generate tokens in personal settings
+ * which can be used as passwords on their clients.
+ */
+'token_auth_enforced' => false,
+
 /**
 * The directory where the skeleton files are located. These files will be
 * copied to the data directory of new users. Leave empty to not copy any
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@ -368,6 +368,9 @@ class Session implements IUserSession, Emitter {
 			array('uid' => &$username)
 		);
 		$user = $this->manager->get($username);
+		if (is_null($user)) {
+			return true;
+		}
 		// DI not possible due to cyclic dependencies :'-/
 		return OC::$server->getTwoFactorAuthManager()->isTwoFactorAuthenticated($user);
 	}