diff --git a/UI/SOGoUI/SOGoDirectAction.m b/UI/SOGoUI/SOGoDirectAction.m
index 73a1062fc..90bd6723a 100644
--- a/UI/SOGoUI/SOGoDirectAction.m
+++ b/UI/SOGoUI/SOGoDirectAction.m
@@ -218,15 +218,17 @@ static SoProduct *commonProduct = nil;
 NSString *value, *token;
 NSArray *creds;
 
- if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
+ auth = [[WOApplication application]
+ authenticatorInContext: context];
+
+ if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
+ ![auth isKindOfClass: [SOGoWebAuthenticator class]])
 return [super performActionNamed: _actionName];
 
 // We grab the X-XSRF-TOKEN header
 token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
 
 // We compare it with our session key
- auth = [[WOApplication application]
- authenticatorInContext: context];
 value = [[context request]
 cookieValueForKey: [auth cookieNameInContext: context]];
 creds = [auth parseCredentials: value];
diff --git a/UI/SOGoUI/UIxComponent.h b/UI/SOGoUI/UIxComponent.h
index 1b7cebd11..a21e70e6b 100644
--- a/UI/SOGoUI/UIxComponent.h
+++ b/UI/SOGoUI/UIxComponent.h
@@ -1,5 +1,4 @@
 /*
- Copyright (C) 2000-2005 SKYRIX Software AG
 Copyright (C) 2007-2016 Inverse inc.
 
 This file is part of SOGo
diff --git a/UI/SOGoUI/UIxComponent.m b/UI/SOGoUI/UIxComponent.m
index c23db4bb1..bb334d480 100644
--- a/UI/SOGoUI/UIxComponent.m
+++ b/UI/SOGoUI/UIxComponent.m
@@ -1,6 +1,5 @@
 /*
- Copyright (C) 2007-2015 Inverse inc.
- Copyright (C) 2004 SKYRIX Software AG
+ Copyright (C) 2007-2016 Inverse inc.
 
 This file is part of SOGo
 
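Review bot: The new early return in SOGoDirectAction.m fails open: XSRF validation is skipped for every authenticator that is not a SOGoWebAuthenticator, and that includes a nil result from `authenticatorInContext:`, because `[nil isKindOfClass: ...]` evaluates to NO. The same condition is added in the UIxComponent.m hunk at -775. Since the later lines compare the header with credentials parsed from the session cookie, exempting non-cookie authenticators looks intentional, but requests authenticated with credentials a browser resends on its own (HTTP Basic, for example) would then reach the action with no anti-forgery check at all; how the authenticator is chosen is not visible here, so please confirm it cannot be steered by the request. At minimum I would exempt only a non-nil authenticator, `(auth != nil && ![auth isKindOfClass: [SOGoWebAuthenticator class]])`, so a missing authenticator falls through to the token comparison. The method body starts and ends outside the hunk.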
@@ -775,7 +774,11 @@ static SoProduct *commonProduct = nil;
 NSString *value, *token;
 NSArray *creds;
 
- if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
+ auth = [[WOApplication application]
+ authenticatorInContext: context];
+
+ if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
+ ![auth isKindOfClass: [SOGoWebAuthenticator class]])
 return [super performActionNamed: _actionName];
 
 // If the action is 'connect' (or 'logoff'), we let it go as the token
@@ -790,8 +793,6 @@ static SoProduct *commonProduct = nil;
 token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
 
 // We compare it with our session key
- auth = [[WOApplication application]
- authenticatorInContext: context];
 value = [[context request]
 cookieValueForKey: [auth cookieNameInContext: context]];
 creds = [auth parseCredentials: value];
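Review bot: The exemption added at -775 carries no comment, so the reason a request under a non-web authenticator may skip the token check is left for the reader to guess. I would put something like `// The XSRF token is checked against the session cookie; authenticators that do not use that cookie are exempt` above the condition, once it is confirmed that this is the actual reason. The guard and the token comparison are also duplicated line for line between this method and the one in SOGoDirectAction.m; moving them into one shared helper would keep the two copies from drifting the next time the XSRF rules change. The method body continues outside both hunks of this file.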