* Fixes issues with binding and authenticating users in nested groups
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* re-instated the user group check for nested groups after identifying the real issue in ActiveDirectoryAuthorizer.php
added fix for special characters in group checker in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* further fixes for styleci/pr in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fixed return value from userExists in ActiveDirectoryAuthorizer to return boolean instead of integer
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* cleanup
* don't use boolval on int...
Co-authored-by: Tony Murray <murraytony@gmail.com>
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
Extract common AD auth code to ADUtils
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
Extract common AD auth code to ADUtils
* Send no user info to log instead of toast.
* Remove commented code
* add abstract getConnection() method that is required.
* Actually return the value
* Fix AD auth with large SID components
Per http://php.net/manual/en/function.unpack.php unpack on 32bit will convert large unsigned long values into signed long values, so we check for PHP_INT_SIZE and fix them up if necessary.
* Fix indentation
* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)
Port api auth to Laravel
restrict poller errors to devices the user has access to
Run checks on every page load. But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin
Move toastr down a few pixels so it isn't as annoying.
Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu
Rewrite 2FA code
Simplify some and verify code before applying
Get http-auth working
Handle legacy $_SESSION differently. Allows Auth::once(), etc to work.
* Fix tests and mysqli extension check
* remove duplicate Toastr messages
* Fix new items
* Rename 266.sql to 267.sql
* LDAP debug
Updated LDAP and AD docs
ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2.
ad was using auth_ad_timeout incorrectly (1 I think)
* Add option to list all users.
* Share code between all mysql based authorizers
I plan to update the mysql password encryption and this will allow the code to be changed in a single location.
It also reduces a lot of duplication.
* Fix tests, I suspect reauthenticate will work for these...
Do not allow password updates for several authorizers
* refactor: AD Auth defer connection until it is needed
Nice error if php-ldap is missing instead of http 500.
* Add the same error when ldap is missing to other auth methods.
Not as graceful looking in the authorizers since they do not defer connection.
* Refactored authorizers to classes
* Merge changes for #7335
* ! fix php 5.3 incompatibility
* Update ADAuthorizationAuthorizer.php
* Fix get_user -> getUser
* Rename AuthorizerFactory to Auth, fix interface missing functions
* Add phpdocs to all interface methods and normalize the names a bit.
* Re-work auth_test.php AD bind tests to work properly with the new class.
Reflection is not the nicest tool, but I think it is appropriate here.
Handle exceptions more nicely in auth_test.php
* Restore AD getUseList fix
Not sure how it got removed
* fix auth_test.php style
