Commit 213a629d authored by Joel Rennich's avatar Joel Rennich

Demobilze force password check, NoLo will now default to not requiring the...

Demobilze force password check, NoLo will now default to not requiring the password for checking if we should demobilize or not
parent ff192527
Pipeline #59442468 failed with stage
in 1 minute and 28 seconds
......@@ -25,6 +25,8 @@ enum Preferences: String, CaseIterable {
case CreateAdminIfGroupMember
/// Should existing mobile accounts be converted into plain local accounts? Set as a Bool`.
case DemobilizeUsers
/// should we check for a password in the hints before demobilzing the user?
case DemobilizeForcePasswordCheck
/// Dissallow local auth, and always do network authentication
case DenyLocal
/// Users to allow locally when DenyLocal is on
......
......@@ -61,14 +61,16 @@ class DeMobilize : NoLoMechanism {
return
}
// sanity check to ensure we have valid information and a local user
os_log("Checking for password", log: demobilizeLog, type: .debug)
if passwordContext == nil {
os_log("Something went wrong, there is no password in user data", log: demobilizeLog, type: .error)
// nothing to see here, most likely auth failed earlier on
// we're just here for auditing purposes
_ = allowLogin()
return
if (getManagedPreference(key: Preferences.DemobilizeForcePasswordCheck) as? Bool ?? false) {
// sanity check to ensure we have valid information and a local user
os_log("Checking for password", log: demobilizeLog, type: .debug)
if passwordContext == nil {
os_log("Something went wrong, there is no password in user data", log: demobilizeLog, type: .error)
// nothing to see here, most likely auth failed earlier on
// we're just here for auditing purposes
_ = allowLogin()
return
}
}
// get local user record
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment