<?php
namespace LibreNMS\Authentication;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use LibreNMS\Exceptions\AuthenticationException;
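/**
 * Authorizer that verifies credentials against the password hash stored on
 * the App\Models\User record and answers user lookups from the same model.
 */
class MysqlAuthorizer extends AuthorizerBase
{
    // Capability flags. Only $CAN_UPDATE_PASSWORDS is read inside this class;
    // the other two are presumably consumed by AuthorizerBase (not visible here).
    protected static $HAS_AUTH_USERMANAGEMENT = true;
    protected static $CAN_UPDATE_USER = true;
    protected static $CAN_UPDATE_PASSWORDS = true;

    /**
     * Verify a username/password pair against the stored password hash.
     *
     * Every failure path raises the same exception, so the caller cannot tell
     * from the exception alone whether the account is unknown, disabled, or
     * the password was wrong.
     *
     * @param  array  $credentials  reads the 'username' and 'password' keys; a missing key is treated as null
     * @return true  never returns false; failure is always signalled by the exception
     *
     * @throws AuthenticationException  unknown user, user without a stored password,
     *                                  disabled user, missing/non-scalar password, or hash mismatch
     */
    public function authenticate($credentials)
    {
        $username = $credentials['username'] ?? null;
        $password = $credentials['password'] ?? null;

        // A missing or non-scalar password (for example an array taken from a
        // malformed request) can never match a hash; reject it before it
        // reaches the hasher instead of relying on type coercion there.
        if (! is_scalar($password)) {
            throw new AuthenticationException();
        }
        $password = (string) $password;

        // Rows without a stored password are excluded by whereNotNull().
        // NOTE(review): the other lookups in this class are scoped with
        // User::thisAuth(); this one is not. Confirm that is intentional.
        $user_data = User::whereNotNull('password')->firstWhere(['username' => $username]);

        // firstWhere() yields null when no row matches. Treat that exactly like
        // a disabled account or a bad password so the caller receives
        // AuthenticationException rather than a null-dereference error.
        // NOTE(review): these two paths return without running Hash::check(),
        // so they respond faster than a wrong password on an active account;
        // if username enumeration is in the threat model, consider verifying
        // against a fixed dummy hash here as well.
        if ($user_data === null || ! $user_data->enabled) {
            throw new AuthenticationException();
        }

        $hash = $user_data->password;

        if (! Hash::check($password, $hash)) {
            throw new AuthenticationException();
        }

        // Check if hash algorithm is current and update it if it is not.
        // This is the only moment the plaintext is available for re-hashing.
        if (Hash::needsRehash($hash)) {
            $user_data->setPassword($password);
            $user_data->save();
        }

        return true;
    }

    /**
     * Tell whether the password of the given user may be changed.
     *
     * By default the password may be modified, unless the existing user is
     * explicitly prohibited from doing so.
     *
     * @param  string  $username  empty (the default) skips the per-user lookup
     * @return mixed  false when the class-level flag is off, true when no
     *                existing user is named, otherwise the stored
     *                can_modify_passwd value as returned by the query (not cast)
     */
    public function canUpdatePasswords($username = '')
    {
        if (! static::$CAN_UPDATE_PASSWORDS) {
            return false;
        }

        // No specific user, or a user this backend does not know: fall back
        // to the permissive default described above.
        if (empty($username) || ! $this->userExists($username)) {
            return true;
        }

        return User::thisAuth()->where('username', $username)->value('can_modify_passwd');
    }

    /**
     * Check whether a user with this username exists for this auth backend.
     *
     * @param  string  $username
     * @param  bool  $throw_exception  accepted for signature compatibility; not used by this implementation
     * @return bool
     */
    public function userExists($username, $throw_exception = false)
    {
        return User::thisAuth()->where('username', $username)->exists();
    }

    /**
     * Look up the user_id for a username within this auth backend.
     *
     * @param  string  $username
     * @return mixed  the user_id column value as returned by the query; presumably null when no row matches (confirm against the query builder)
     */
    public function getUserid($username)
    {
        // for mysql user_id == auth_id
        return User::thisAuth()->where('username', $username)->value('user_id');
    }

    /**
     * Fetch a user record by primary key.
     *
     * @param  int  $user_id
     * @return array|false  the model's toArray() output, or false when no user is found
     */
    public function getUser($user_id)
    {
        $user = User::find($user_id);

        return $user ? $user->toArray() : false;
    }
}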