mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
d841625f12c152fcc8767b4d74f9891ba878f0be
librenms-librenms/html/includes/authenticate.inc.php

101 lines
3.4 KiB
PHP
Raw Normal View History

just another cleanup commit, don't mind me... git-svn-id: http://www.observium.org/svn/observer/trunk@1885 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-16 18:28:52 +00:00
<?php
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8
2007-04-03 14:10:23 +00:00
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
use LibreNMS\Authentication\Auth;
fix: Two-Factor Authentication (#6672) * fix: Two-Factor Auth Moved library to a class to take advantage of namespacing and auto loading. Update the two factor code to use the AuthenticationException for error messages. Fix remember me to work with 2fa. * missing change
2017-05-18 16:08:10 -05:00
use LibreNMS\Authentication\TwoFactor;
Single Sign-On Authentication Mechanism (#7601) * Allow the URL a user is sent to after logging out to be customised This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout). * Allow auth plugins to return a username This is a bit cleaner than the current auth flow, which special cases e.g. http authentication * Add some tests, defaults and documentation * Add single sign-on authentication mechanism * Make HTTPAuth use the authExternal/getExternalUsername methods * Add to acknowledgements * Add reset method to Auth
2017-11-29 02:40:17 +00:00
use LibreNMS\Config;
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
use LibreNMS\Exceptions\AuthenticationException;
refactor: use Composer to manage php dependencies (#5216)
2017-01-01 03:37:15 -06:00
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
ini_set('session.use_strict_mode', 1); // php >= 5.5.2
ini_set('session.use_trans_sid', 0); // insecure feature, be sure it is disabled
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) git-svn-id: http://www.observium.org/svn/observer/trunk@1299 61d68cd4-352d-0410-923a-c4978735b2b8
2010-07-05 19:19:19 +00:00
fix: two-factor auth and restore some auth speed regressions (#6649)
2017-05-15 23:13:07 -05:00
// Pre-flight checks
Fix coding style part 2
2015-07-13 20:10:26 +02:00
if (!is_dir($config['rrd_dir'])) {
echo "<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>";
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes git-svn-id: http://www.observium.org/svn/observer/trunk@1979 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-26 19:28:39 +00:00
}
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) git-svn-id: http://www.observium.org/svn/observer/trunk@1299 61d68cd4-352d-0410-923a-c4978735b2b8
2010-07-05 19:19:19 +00:00
Fix coding style part 2
2015-07-13 20:10:26 +02:00
if (!is_dir($config['temp_dir'])) {
echo "<div class='errorbox'>Temp Directory is missing ({$config['temp_dir']}). Graphing may fail.</div>";
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes git-svn-id: http://www.observium.org/svn/observer/trunk@1979 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-26 19:28:39 +00:00
}
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) git-svn-id: http://www.observium.org/svn/observer/trunk@1299 61d68cd4-352d-0410-923a-c4978735b2b8
2010-07-05 19:19:19 +00:00
Fix coding style part 2
2015-07-13 20:10:26 +02:00
if (!is_writable($config['temp_dir'])) {
echo "<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}). Graphing may fail.</div>";
move authenticate to a little later, update CHANGELOG for VMware support, minor cleanups, prettify message- and errorboxes git-svn-id: http://www.observium.org/svn/observer/trunk@1979 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-26 19:28:39 +00:00
}
improved authentication checks (not sure this file is the right place, but meh) from sovern (also some fixes for diskio_ops) git-svn-id: http://www.observium.org/svn/observer/trunk@1299 61d68cd4-352d-0410-923a-c4978735b2b8
2010-07-05 19:19:19 +00:00
Updated session / cookie support
2014-02-03 22:32:45 +00:00
// Clear up any old sessions
Fix coding style part 2
2015-07-13 20:10:26 +02:00
dbDelete('session', '`session_expiry` < ?', array(time()));
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
session_start();
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
$authorizer = Auth::get();
if ($vars['page'] == 'logout' && $authorizer->sessionAuthenticated()) {
$authorizer->logOutUser();
Single Sign-On Authentication Mechanism (#7601) * Allow the URL a user is sent to after logging out to be customised This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout). * Allow auth plugins to return a username This is a bit cleaner than the current auth flow, which special cases e.g. http authentication * Add some tests, defaults and documentation * Add single sign-on authentication mechanism * Make HTTPAuth use the authExternal/getExternalUsername methods * Add to acknowledgements * Add reset method to Auth
2017-11-29 02:40:17 +00:00
header('Location: ' . Config::get('post_logout_action', Config::get('base_url')));
Fix coding style part 2
2015-07-13 20:10:26 +02:00
exit;
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8
2007-04-03 14:10:23 +00:00
}
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
try {
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
if ($authorizer->sessionAuthenticated()) {
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
// session authenticated already
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
$authorizer->logInUser();
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
} else {
// try authentication methods
fix: Two-Factor Authentication (#6672) * fix: Two-Factor Auth Moved library to a class to take advantage of namespacing and auto loading. Update the two factor code to use the AuthenticationException for error messages. Fix remember me to work with 2fa. * missing change
2017-05-18 16:08:10 -05:00
if (isset($_POST['twofactor']) && TwoFactor::authenticate($_POST['twofactor'])) {
// process two-factor auth tokens
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
$authorizer->logInUser();
fix: Two-Factor Authentication (#6672) * fix: Two-Factor Auth Moved library to a class to take advantage of namespacing and auto loading. Update the two factor code to use the AuthenticationException for error messages. Fix remember me to work with 2fa. * missing change
2017-05-18 16:08:10 -05:00
} elseif (isset($_COOKIE['sess_id'], $_COOKIE['token']) &&
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
$authorizer->reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token']))
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
) {
fix: Two-Factor Authentication (#6672) * fix: Two-Factor Auth Moved library to a class to take advantage of namespacing and auto loading. Update the two factor code to use the AuthenticationException for error messages. Fix remember me to work with 2fa. * missing change
2017-05-18 16:08:10 -05:00
$_SESSION['remember'] = true;
$_SESSION['twofactor'] = true; // trust cookie
// cookie authentication
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
$authorizer->logInUser();
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
} else {
// collect username and password
$password = null;
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$username = clean($_REQUEST['username']);
$password = $_REQUEST['password'];
Single Sign-On Authentication Mechanism (#7601) * Allow the URL a user is sent to after logging out to be customised This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout). * Allow auth plugins to return a username This is a bit cleaner than the current auth flow, which special cases e.g. http authentication * Add some tests, defaults and documentation * Add single sign-on authentication mechanism * Make HTTPAuth use the authExternal/getExternalUsername methods * Add to acknowledgements * Add reset method to Auth
2017-11-29 02:40:17 +00:00
} elseif ($authorizer->authIsExternal()) {
$username = $authorizer->getExternalUsername();
Revert "Trust PHP session and remove remember me cookie" (#5252)
2016-12-27 20:37:03 +00:00
}
refactor: Trust PHP session and remove remember me cookie (#4608)
2016-12-26 16:11:00 -07:00
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
// form authentication
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
if (isset($username) && $authorizer->authenticate($username, $password)) {
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
$_SESSION['username'] = $username;
Fix coding style part 2
2015-07-13 20:10:26 +02:00
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
if (isset($_POST['remember'])) {
fix: Two-Factor Authentication (#6672) * fix: Two-Factor Auth Moved library to a class to take advantage of namespacing and auto loading. Update the two factor code to use the AuthenticationException for error messages. Fix remember me to work with 2fa. * missing change
2017-05-18 16:08:10 -05:00
$_SESSION['remember'] = $_POST['remember'];
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
}
Fix coding style part 2
2015-07-13 20:10:26 +02:00
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
if ($authorizer->logInUser()) {
fix: Two-Factor Authentication (#6672) * fix: Two-Factor Auth Moved library to a class to take advantage of namespacing and auto loading. Update the two factor code to use the AuthenticationException for error messages. Fix remember me to work with 2fa. * missing change
2017-05-18 16:08:10 -05:00
// redirect to original uri or home page.
header('Location: '.rtrim($config['base_url'], '/').$_SERVER['REQUEST_URI'], true, 303);
}
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
}
feature: Better error messages for ad_auth (#4385)
2016-09-09 08:04:03 -05:00
}
Added redirect when a POST value is found
2015-04-11 21:01:33 +01:00
}
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
} catch (AuthenticationException $ae) {
$auth_message = $ae->getMessage();
if ($debug) {
$auth_message .= '<br /> ' . $ae->getFile() . ': ' . $ae->getLine();
}
dbInsert(
array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => $auth_message),
'authlog'
);
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 11:33:03 +01:00
$authorizer->logOutUser($auth_message);
just another cleanup commit, don't mind me... git-svn-id: http://www.observium.org/svn/observer/trunk@1885 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-16 18:28:52 +00:00
}
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
session_write_close();
fix: two-factor auth and restore some auth speed regressions (#6649)
2017-05-15 23:13:07 -05:00
// populate the permissions cache
if (isset($_SESSION['user_id'])) {
$permissions = permissions_cache($_SESSION['user_id']);
}
fix: Improve authentication load time and security (#6615) * fix: minimize session open time page/graphs speedup part 2 Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests. Do not run through full authentication functions if the session is already authenticated. Removes password from the session as well as some items to prevent session fixation from #4608. WARNING: This will cause issues for ad/ldap users who do not have a bind user configured! * Do no erase username when using cookie auth. Properly close the session in ajax_setresolution.php * write close the session as soon as possible in ajax_setresolution.php * Remove session regeneration. It is not compatible with the current code and would require more changes. * Totally refactor authentication. Extract code to functions for re-use and improved readability * Use exceptions for authentication and error logging Tested: mysql, ad_auth with and without bind user * fix a couple scrutinizer issues * fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
unset($username, $password);
Reference in New Issue Copy Permalink