From 586aa99cd679c12c0468aa80cb78db0c4b852719 Mon Sep 17 00:00:00 2001
From: Alma Armas
Date: Wed, 21 Apr 2021 11:41:56 +0000
Subject: [PATCH] UA and IP checks can now be disabled via extendedValidation option

---
 chandler-example.yml | 1 +
 chandler/Security/Authenticator.php | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/chandler-example.yml b/chandler-example.yml
index f5d7362..d29705d 100644
--- a/chandler-example.yml
+++ b/chandler-example.yml
@@ -20,4 +20,5 @@ chandler:
 security:
 secret: ""
 csrfProtection: "permissive"
+ extendedValidation: false
 sessionDuration: 14
diff --git a/chandler/Security/Authenticator.php b/chandler/Security/Authenticator.php
index f7ed2a7..aefd758 100644
--- a/chandler/Security/Authenticator.php
+++ b/chandler/Security/Authenticator.php
@@ -27,6 +27,7 @@ class Authenticator
 ->table("ChandlerTokens")
 ->where($data)
 ->fetch();
+
 if(!$token) {
 $this->db->table("ChandlerTokens")->insert($data);
 $token = $this->db->table("ChandlerTokens")->where($data)->fetch();
@@ -68,9 +69,16 @@ class Authenticator
 "token" => $token,
 ])
 ->fetch();
+
 if(!$token) return null;
- if($token->ip === CONNECTING_IP && $token->ua === $_SERVER["HTTP_USER_AGENT"]) {
+ $checksPassed = false;
+ if(CHANDLER_ROOT_CONF["security"]["extendedValidation"])
+ $checksPassed = $token->ip === CONNECTING_IP && $token->ua === $_SERVER["HTTP_USER_AGENT"];
+ else
+ $checksPassed = true;
+
+ if($checksPassed) {
 $su = $this->session->get("_su");
 $user = $this->db->table("ChandlerUsers")->get($su ?? $token->user);
 if(!$user) return null;
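Review bot: Shipping `extendedValidation: false` in the example config flips the default from the pre-patch behaviour, where the IP and User-Agent comparison in Authenticator.php was unconditional, to no binding at all, so a leaked token becomes usable from any client. The example should carry the stricter value with a comment explaining the trade-off, e.g. `extendedValidation: true  # bind session tokens to client IP and User-Agent; set false only behind proxies that rotate addresses`, so that opting out is a deliberate choice rather than the documented starting point. Note also that the reader added in this patch indexes `CHANDLER_ROOT_CONF["security"]["extendedValidation"]` directly, so an existing deployed config that predates this key yields null (with an undefined-key warning), which is falsy and silently disables the checks on upgrade; reading it as `CHANDLER_ROOT_CONF["security"]["extendedValidation"] ?? true` would fail closed for configs that never set the option.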