mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: two-factor auth and restore some auth speed regressions (#6649)

Browse Source
This commit is contained in:
Tony Murray
2017-05-15 23:13:07 -05:00
committed by GitHub
parent 683a10e723
commit 155d9de8dc
2 changed files with 22 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
html/includes/authenticate.inc.php
View File

@@ -7,7 +7,7 @@ ini_set('session.cookie_httponly', 1);
ini_set('session.use_strict_mode', 1); // php >= 5.5.2 ini_set('session.use_strict_mode', 1); // php >= 5.5.2
ini_set('session.use_trans_sid', 0); // insecure feature, be sure it is disabled ini_set('session.use_trans_sid', 0); // insecure feature, be sure it is disabled
// Preflight checks // Pre-flight checks
if (!is_dir($config['rrd_dir'])) { if (!is_dir($config['rrd_dir'])) {
echo "<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>"; echo "<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>";
} }
@@ -87,4 +87,10 @@ try {
} }
session_write_close(); session_write_close();
// populate the permissions cache
if (isset($_SESSION['user_id'])) {
$permissions = permissions_cache($_SESSION['user_id']);
}
unset($username, $password); unset($username, $password);

30
html/includes/authentication/functions.php
View File

@@ -56,7 +56,7 @@ function log_out_user($message = 'Logged Out')
*/ */
function log_in_user() function log_in_user()
{ {
global $config, $permissions; global $config;
// set up variables, but don't override existing ones (ad anonymous bind can only get user_id at login) // set up variables, but don't override existing ones (ad anonymous bind can only get user_id at login)
if (!isset($_SESSION['userlevel'])) { if (!isset($_SESSION['userlevel'])) {
@@ -72,22 +72,22 @@ function log_in_user()
throw new AuthenticationException('Invalid Credentials'); throw new AuthenticationException('Invalid Credentials');
} }
// check twofactor if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'])) {
if ($config['twofactor'] === true && !isset($_SESSION['twofactor'])) { // check twofactor
include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php'; if ($config['twofactor'] === true && !isset($_SESSION['twofactor'])) {
twofactor_auth(); include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';
twofactor_auth();
}
// if two factor isn't enabled or it has passed already ware are logged in
if (!$config['twofactor'] || $_SESSION['twofactor']) {
$_SESSION['authenticated'] = true;
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog');
} else {
throw new AuthenticationException('Two-Factor Auth Failed');
}
} }
// if two factor isn't enabled or it has passed already ware are logged in
if (!$config['twofactor'] || $_SESSION['twofactor']) {
$_SESSION['authenticated'] = true;
dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog');
} else {
throw new AuthenticationException('Two-Factor Auth Failed');
}
// populate the permissions cache
$permissions = permissions_cache($_SESSION['user_id']);
return true; return true;
} }