Commit Graph

33 Commits

Author SHA1 Message Date
Neil Lathwood
14a143a6a7 fix: Fixed http-auth not honouring http_auth_guest (#6699)
* fix: Fixed http-auth not honouring http_auth_guest

* Always fall back to http_auth_guest.
Make sure $username is set, otherwise, we won't try to authenticate.

* reverted elseif to default to http-auth-guest

* Update authenticate.inc.php

simplify logic
2017-05-23 08:40:57 +01:00
Tony Murray
683a10e723 fix: Improve authentication load time and security (#6615)
* fix: minimize session open time
page/graphs speedup part 2

Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests.
Do not run through full authentication functions if the session is already authenticated.
Removes password from the session as well as some items to prevent session fixation from #4608.

WARNING: This will cause issues for ad/ldap users who do not have a bind user configured!

* Do not erase username when using cookie auth.
Properly close the session in ajax_setresolution.php

* write close the session as soon as possible in ajax_setresolution.php

* Remove session regeneration. It is not compatible with the current code and would require more changes.

* Totally refactor authentication.  Extract code to functions for re-use and improved readability

* Use exceptions for authentication and error logging
Tested: mysql, ad_auth with and without bind user

* fix a couple scrutinizer issues

* fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
Tony Murray
4b9f3f37d7 fix: move user preferences dashboard and twofactor out of users table (#6286)
* fix: move user preferences dashboard and twofactor out of users table
This allows them to work with any authentication method
Add set_user_pref() and get_user_pref() helper functions

* fix edit users for other users

* Fix updated_at default timestamp

* Update and rename 183.sql to 184.sql

* removed commented out debug
2017-04-01 22:18:00 +01:00
Neil Lathwood
e2962adac8 fix: Updated http-auth to work with nginx http auth #6102 (#6174) 2017-03-12 07:54:59 -05:00
Tony Murray
e20a242785 refactor: use Composer to manage php dependencies (#5216) 2017-01-01 09:37:15 +00:00
Neil Lathwood
a8efda8f30 Revert "Updated to remove passwords from sessions" (#4422) 2016-09-13 09:10:42 -05:00
Neil Lathwood
deb4b74bc9 webui: remove passwords from sessions, 'remember me' works for all auth types (#4134)
* Updated to remove passwords from sessions

* Remove users sessions when user deleted

* Updated when cookies are set

* Updated setcookies to always contain a value

* Added destroy_cookies() to remove users cookies on failed login

* Removed debug line

* Fixed graph issues
2016-09-12 21:41:19 -05:00
Tony Murray
8c639aa5a4 PSR2 Cleanup: /html edition
Travis tests for code conformance. Ignore warnings for now.
Fixed all errors, left most warnings.
2016-08-18 21:29:30 -05:00
Daniel Preussker
ff03e17e7f scrut fixes 2015-11-21 14:12:27 +00:00
Daniel Preussker
340fd75bd5 fix rest of the authmodules 2015-11-21 12:25:34 +00:00
Job Snijders
d8693f05ae Fix coding style part 2 2015-07-15 11:04:22 +02:00
laf
7f95922160 Updated adduser to check for existing user and use password hashing 2014-10-06 18:39:48 +01:00
laf
8cf255072c Updated edit user screen so you can now update details 2014-03-10 23:50:16 +00:00
laf
005504ae6d Updated session / cookie support 2014-02-03 22:39:37 +00:00
Adam Amstrong
b273e04241 /// -> //
git-svn-id: http://www.observium.org/svn/observer/trunk@3240 61d68cd4-352d-0410-923a-c4978735b2b8
2012-05-25 12:24:34 +00:00
Adam Amstrong
cacf913a55 # -> / for phpdoc
git-svn-id: http://www.observium.org/svn/observer/trunk@3239 61d68cd4-352d-0410-923a-c4978735b2b8
2012-05-25 11:29:53 +00:00
Tom Laermans
764cb72cd5 fixes and cleanups
git-svn-id: http://www.observium.org/svn/observer/trunk@3018 61d68cd4-352d-0410-923a-c4978735b2b8
2012-04-10 15:53:10 +00:00
Tom Laermans
ff895f96a0 add get_userlist function, pull from LDAP in case of LDAP backend -- now awaiting fix of edituser page
git-svn-id: http://www.observium.org/svn/observer/trunk@2545 61d68cd4-352d-0410-923a-c4978735b2b8
2011-09-22 16:46:30 +00:00
Adam Amstrong
8d8e80c911 fix typo in useradd function for httpauth
git-svn-id: http://www.observium.org/svn/observer/trunk@2403 61d68cd4-352d-0410-923a-c4978735b2b8
2011-08-27 23:12:51 +00:00
Adam Amstrong
6bcc4f4e48 fix some stuff, break some stuff (ports display is missing some stuff atm)
git-svn-id: http://www.observium.org/svn/observer/trunk@2290 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-12 22:14:56 +00:00
Tom Laermans
6c293c692a now in line with the rest of the code style...
git-svn-id: http://www.observium.org/svn/observer/trunk@2223 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-03 14:14:23 +00:00
Adam Amstrong
c5aee9205b more auth fixes from lenwe.
git-svn-id: http://www.observium.org/svn/observer/trunk@2222 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-03 14:10:21 +00:00
Adam Amstrong
802958fe3d less if $thing more if isset($thing). from lenwe.
git-svn-id: http://www.observium.org/svn/observer/trunk@2220 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-03 11:28:39 +00:00
Tom Laermans
f55a30f744 some formatting cleanups, introduce some more FIXMEs to look at, plus replace mysql_fetch_array by mysql_fetch_assoc, for great justice
git-svn-id: http://www.observium.org/svn/observer/trunk@2029 61d68cd4-352d-0410-923a-c4978735b2b8
2011-04-06 13:54:50 +00:00
Tom Laermans
2be7bfe497 r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module
git-svn-id: http://www.observium.org/svn/observer/trunk@1984 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-28 10:48:43 +00:00
Tom Laermans
2afb522333 just another cleanup commit, don't mind me...
git-svn-id: http://www.observium.org/svn/observer/trunk@1885 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-16 18:28:52 +00:00
Tom Laermans
c6428480bc remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;)
git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-12 08:50:47 +00:00
Tom Laermans
c0620baddc more working less sucking
git-svn-id: http://www.observium.org/svn/observer/trunk@994 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:22:09 +00:00
Tom Laermans
1900cbb309 can has working pages? NO CAN HAS :(
git-svn-id: http://www.observium.org/svn/observer/trunk@993 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:19:06 +00:00
Tom Laermans
71bcc3abe4 userlevel via authmodule
git-svn-id: http://www.observium.org/svn/observer/trunk@992 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:15:52 +00:00
Tom Laermans
eed5f0c3c3 MOAR AUTHMODULE, with some parts left to do...
git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:10:05 +00:00
Tom Laermans
cb7c59505f change password option in the auth modules, not used in the webinterface yet
git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 00:00:05 +00:00
Tom Laermans
b719e22e8e auth modules! please test http-auth again, i haven't, but i think i got it right...
git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8
2010-02-28 13:04:07 +00:00