From 31b5a9dc8641b6cf54ef772e5670a2c678dd1108 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Fri, 21 Nov 2014 17:40:39 +1300
Subject: [PATCH] API Allow CMS re-authentication to be completely disabled if
 necessary

---
 security/CMSSecurity.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/security/CMSSecurity.php b/security/CMSSecurity.php
index 8f5ea616b..d0dd00d02 100644
--- a/security/CMSSecurity.php
+++ b/security/CMSSecurity.php
@@ -14,6 +14,14 @@ class CMSSecurity extends Security {
 		'success'
 	);
 
+	/**
+	 * Enable in-cms reauthentication
+	 *
+	 * @var boolean
+	 * @config
+	 */
+	private static $reauth_enabled = true;
+
 	public function init() {
 		parent::init();
 
@@ -140,6 +148,9 @@ PHP
 	 * @return bool
 	 */
 	public static function enabled() {
+		// Disable shortcut
+		if(!static::config()->reauth_enabled) return false;
+		
 		// Count all cms-supported methods
 		$authenticators = Authenticator::get_authenticators();
 		foreach($authenticators as $authenticator) {