mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
Use Laravel authentication (#8702)
* Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
This commit is contained in:
Tony Murray
GitHub
@@ -12,25 +12,22 @@
|
||||
* the source code distribution for details.
|
||||
*/
|
||||
|
||||
use LibreNMS\Authentication\Auth;
|
||||
use LibreNMS\Authentication\LegacyAuth;
|
||||
|
||||
function authToken(\Slim\Route $route)
|
||||
{
|
||||
global $permissions;
|
||||
|
||||
$app = \Slim\Slim::getInstance();
|
||||
$token = $app->request->headers->get('X-Auth-Token');
|
||||
if (!empty($token)
|
||||
&& ($user_id = dbFetchCell('SELECT `AT`.`user_id` FROM `api_tokens` AS AT WHERE `AT`.`token_hash`=? && `AT`.`disabled`=0', array($token)))
|
||||
&& ($user = Auth::get()->getUser($user_id))
|
||||
) {
|
||||
if (Auth::check()) {
|
||||
$user = Auth::user();
|
||||
|
||||
// Fake session so the standard auth/permissions checks work
|
||||
$_SESSION = array(
|
||||
'username' => $user['username'],
|
||||
'user_id' => $user['user_id'],
|
||||
'userlevel' => $user['level']
|
||||
);
|
||||
$permissions = permissions_cache(Auth::id());
|
||||
$_SESSION = [
|
||||
'username' => $user->username,
|
||||
'user_id' => $user->user_id,
|
||||
'userlevel' => $user->level
|
||||
];
|
||||
$permissions = permissions_cache($user->user_id);
|
||||
|
||||
return;
|
||||
}
|
||||
@@ -109,14 +106,14 @@ function check_port_permission($port_id, $device_id)
|
||||
|
||||
function check_is_admin()
|
||||
{
|
||||
if (!Auth::user()->hasGlobalAdmin()) {
|
||||
if (!LegacyAuth::user()->hasGlobalAdmin()) {
|
||||
api_error(403, 'Insufficient privileges');
|
||||
}
|
||||
}
|
||||
|
||||
function check_is_read()
|
||||
{
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
api_error(403, 'Insufficient privileges');
|
||||
}
|
||||
}
|
||||
@@ -353,9 +350,9 @@ function list_devices()
|
||||
}
|
||||
|
||||
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
$sql .= " AND `d`.`device_id` IN (SELECT device_id FROM devices_perms WHERE user_id = ?)";
|
||||
$param[] = Auth::id();
|
||||
$param[] = LegacyAuth::id();
|
||||
}
|
||||
$devices = array();
|
||||
$dev_query = "SELECT $select FROM `devices` AS d $join WHERE $sql GROUP BY d.`hostname` ORDER BY $order";
|
||||
@@ -583,9 +580,9 @@ function list_cbgp()
|
||||
$sql = " AND `devices`.`device_id` = ?";
|
||||
$sql_params[] = $device_id;
|
||||
}
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
$sql .= " AND `bgpPeers_cbgp`.`device_id` IN (SELECT device_id FROM devices_perms WHERE user_id = ?)";
|
||||
$sql_params[] = Auth::id();
|
||||
$sql_params[] = LegacyAuth::id();
|
||||
}
|
||||
|
||||
$bgp_counters = array();
|
||||
@@ -910,7 +907,7 @@ function get_port_graphs()
|
||||
$params = array($device_id);
|
||||
if (!device_permitted($device_id)) {
|
||||
$sql = 'AND `port_id` IN (select `port_id` from `ports_perms` where `user_id` = ?)';
|
||||
array_push($params, Auth::id());
|
||||
array_push($params, LegacyAuth::id());
|
||||
}
|
||||
|
||||
$ports = dbFetchRows("SELECT $columns FROM `ports` WHERE `device_id` = ? AND `deleted` = '0' $sql ORDER BY `ifIndex` ASC", $params);
|
||||
@@ -980,10 +977,10 @@ function get_all_ports()
|
||||
validate_column_list($columns, 'ports');
|
||||
$params = array();
|
||||
$sql = '';
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
$sql = ' AND (device_id IN (SELECT device_id FROM devices_perms WHERE user_id = ?) OR port_id IN (SELECT port_id FROM ports_perms WHERE user_id = ?))';
|
||||
array_push($params, Auth::id());
|
||||
array_push($params, Auth::id());
|
||||
array_push($params, LegacyAuth::id());
|
||||
array_push($params, LegacyAuth::id());
|
||||
}
|
||||
$ports = dbFetchRows("SELECT $columns FROM `ports` WHERE `deleted` = 0 $sql", $params);
|
||||
|
||||
@@ -1322,9 +1319,9 @@ function list_bills()
|
||||
} else {
|
||||
$sql = '1';
|
||||
}
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
$sql .= ' AND `bill_id` IN (SELECT `bill_id` FROM `bill_perms` WHERE `user_id` = ?)';
|
||||
$param[] = Auth::id();
|
||||
$param[] = LegacyAuth::id();
|
||||
}
|
||||
|
||||
if ($period === 'previous') {
|
||||
@@ -1380,7 +1377,7 @@ function get_bill_graph()
|
||||
$bill_id = mres($router['bill_id']);
|
||||
$graph_type = $router['graph_type'];
|
||||
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
check_bill_permission($bill_id);
|
||||
}
|
||||
|
||||
@@ -1406,7 +1403,7 @@ function get_bill_graphdata()
|
||||
$bill_id = mres($router['bill_id']);
|
||||
$graph_type = $router['graph_type'];
|
||||
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
check_bill_permission($bill_id);
|
||||
}
|
||||
|
||||
@@ -1434,7 +1431,7 @@ function get_bill_history()
|
||||
$router = $app->router()->getCurrentRoute()->getParams();
|
||||
$bill_id = mres($router['bill_id']);
|
||||
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
check_bill_permission($bill_id);
|
||||
}
|
||||
|
||||
@@ -1456,7 +1453,7 @@ function get_bill_history_graph()
|
||||
$bill_hist_id = mres($router['bill_hist_id']);
|
||||
$graph_type = $router['graph_type'];
|
||||
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
check_bill_permission($bill_id);
|
||||
}
|
||||
|
||||
@@ -1500,7 +1497,7 @@ function get_bill_history_graphdata()
|
||||
$bill_hist_id = mres($router['bill_hist_id']);
|
||||
$graph_type = $router['graph_type'];
|
||||
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
check_bill_permission($bill_id);
|
||||
}
|
||||
|
||||
@@ -1829,9 +1826,9 @@ function list_vrf()
|
||||
$sql = " AND `vrfs`.`vrf_name`=?";
|
||||
$sql_params = array($vrfname);
|
||||
}
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
$sql .= " AND `vrfs`.`device_id` IN (SELECT device_id FROM devices_perms WHERE user_id = ?)";
|
||||
$sql_params[] = Auth::id();
|
||||
$sql_params[] = LegacyAuth::id();
|
||||
}
|
||||
|
||||
$vrfs = array();
|
||||
@@ -1902,9 +1899,9 @@ function list_vlans()
|
||||
$sql = " AND `devices`.`device_id` = ?";
|
||||
$sql_params[] = $device_id;
|
||||
}
|
||||
if (!Auth::user()->hasGlobalRead()) {
|
||||
if (!LegacyAuth::user()->hasGlobalRead()) {
|
||||
$sql .= " AND `vlans`.`device_id` IN (SELECT device_id FROM devices_perms WHERE user_id = ?)";
|
||||
$sql_params[] = Auth::id();
|
||||
$sql_params[] = LegacyAuth::id();
|
||||
}
|
||||
|
||||
$vlans = array();
|
||||
|
||||
Reference in New Issue
Block a user