Tony Murray
683a10e723
fix: Improve authentication load time and security (#6615)
...
* fix: minimize session open time
page/graphs speedup part 2
Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests.
Do not run through full authentication functions if the session is already authenticated.
Removes password from the session as well as some items to prevent session fixation from #4608.
WARNING: This will cause issues for ad/ldap users who do not have a bind user configured!
* Do not erase username when using cookie auth.
Properly close the session in ajax_setresolution.php
* write close the session as soon as possible in ajax_setresolution.php
* Remove session regeneration. It is not compatible with the current code and would require more changes.
* Totally refactor authentication. Extract code to functions for re-use and improved readability
* Use exceptions for authentication and error logging
Tested: mysql, ad_auth with and without bind user
* fix a couple scrutinizer issues
* fix reauthenticate in radius
2017-05-15 22:18:23 -05:00
Tony Murray
4b9f3f37d7
fix: move user preferences dashboard and twofactor out of users table (#6286)
...
* fix: move user preferences dashboard and twofactor out of users table
This allows them to work with any authentication method
Add set_user_pref() and get_user_pref() helper functions
* fix edit users for other users
* Fix updated_at default timestamp
* Update and rename 183.sql to 184.sql
* removed commented out debug
2017-04-01 22:18:00 +01:00
rockyluke
b5a8cb0f5b
webui: Minor changes on Edit User page (#5717)
...
* Order user alphabetically (MySQL)
* Add (admin) or (demo) after login on Edit User page
* Fix missing $user_level
* Complete the switch/case on user level
* Remove redundant case
* Remove blank line
2017-02-01 20:05:50 +00:00
Neil Lathwood
d5296319fb
refactor: MySQL strict and query fixes (#5338)
...
* refactor: MySQL strict and query fixes
* moved sql file
2017-01-13 06:47:16 -06:00
Tony Murray
e20a242785
refactor: use Composer to manage php dependencies (#5216)
2017-01-01 09:37:15 +00:00
Neil Lathwood
a2f2ccfd2c
security: Fix some reported security issues (#4807)
2016-10-15 20:45:18 +01:00
Neil Lathwood
a8efda8f30
Revert "Updated to remove passwords from sessions" (#4422)
2016-09-13 09:10:42 -05:00
Neil Lathwood
deb4b74bc9
webui: remove passwords from sessions, 'remember me' works for all auth types (#4134)
...
* Updated to remove passwords from sessions
* Remove users sessions when user deleted
* Updated when cookies are set
* Updated setcookies to always contain a value
* Added destroy_cookies() to remove users cookies on failed login
* Removed debug line
* Fixed graph issues
2016-09-12 21:41:19 -05:00
Tony Murray
8c639aa5a4
PSR2 Cleanup: /html edition
...
Travis tests for code conformance. Ignore warnings for now.
Fixed all errors, left most warnings.
2016-08-18 21:29:30 -05:00
Daniel Preussker
224ccab950
Fixed adduser bug
...
Always show notification bubble
Added tooltip to archive's sticky button
2015-11-21 12:15:42 +00:00
Daniel Preussker
987c841b48
Automatically mark all news as read for new users
...
Renamed Schema for old system
2015-11-21 11:40:24 +00:00
Daniel Preussker
afdbb2406d
Added $nocache parameter
...
Fixed typo in caching
Excluded caching for MySQL-Authentication & /poll-log/
2015-09-30 15:20:06 +00:00
Job Snijders
d8693f05ae
Fix coding style part 2
2015-07-15 11:04:22 +02:00
mchasteen
a1ef2e0f69
Fixed the mysql auth include and the db schema. I set the desc field to be a varchar(200) and set it to be NULL by default (this is a personal preference but since it was not set in the code...). I fixed adduser function in html/includes/authentication/mysql.inc.php. I added $description and $twofactor to the function argument with default values and added descr and twofactor elements in the array passed to the dbInsert function call. OpenSuSE 13.2
2015-02-26 23:03:05 +00:00
laf
8cf255072c
Updated edit user screen so you can now update details
2014-03-10 23:50:16 +00:00
laf
18f9b89639
Removed code that was previously commented out
2014-02-23 17:55:07 +00:00
laf
005504ae6d
Updated session / cookie support
2014-02-03 22:39:37 +00:00
laf
04a9f4a2f3
Updated mysql auth to use PHPass
2014-02-03 12:10:06 +00:00
Tom Laermans
764cb72cd5
fixes and cleanups
...
git-svn-id: http://www.observium.org/svn/observer/trunk@3018 61d68cd4-352d-0410-923a-c4978735b2b8
2012-04-10 15:53:10 +00:00
Tom Laermans
ff895f96a0
add get_userlist function, pull from LDAP in case of LDAP backend -- now awaiting fix of edituser page
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2545 61d68cd4-352d-0410-923a-c4978735b2b8
2011-09-22 16:46:30 +00:00
Tom Laermans
d864ce234f
kill a whole bunch of trailing spaces
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2516 61d68cd4-352d-0410-923a-c4978735b2b8
2011-09-20 09:55:11 +00:00
Tom Laermans
b862c91618
fix ldap auth plugin, broke a lot of userlevel stuff a long time ago due to mysql layer changes
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2482 61d68cd4-352d-0410-923a-c4978735b2b8
2011-09-16 10:08:05 +00:00
Adam Amstrong
a1d3e4606e
fixes to auth and deleting users
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2372 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-26 21:35:25 +00:00
Adam Amstrong
d7d7d67fa0
fixes
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2294 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-12 23:17:44 +00:00
Adam Amstrong
6bcc4f4e48
fix some stuff, break some stuff (ports display is missing some stuff atm)
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2290 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-12 22:14:56 +00:00
Geert Hauwaerts
9202ff9bee
- Added support in MySQL auth to prohibit users from modifying their password.
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2252 61d68cd4-352d-0410-923a-c4978735b2b8
2011-05-05 14:54:12 +00:00
Tom Laermans
f55a30f744
some formatting cleanups, introduce some more FIXMEs to look at, plus replace mysql_fetch_array by mysql_fetch_assoc, for great justice
...
git-svn-id: http://www.observium.org/svn/observer/trunk@2029 61d68cd4-352d-0410-923a-c4978735b2b8
2011-04-06 13:54:50 +00:00
Tom Laermans
2be7bfe497
r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module
...
git-svn-id: http://www.observium.org/svn/observer/trunk@1984 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-28 10:48:43 +00:00
Tom Laermans
2f0c69c9ef
only update password to salted if database field is long enough
...
git-svn-id: http://www.observium.org/svn/observer/trunk@1939 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-20 21:13:59 +00:00
Tom Laermans
7bd37c5b06
change from unsalted md5 to salted md5 passwords, migrating passwords as authentication succeeds
...
git-svn-id: http://www.observium.org/svn/observer/trunk@1936 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-19 20:23:23 +00:00
Tom Laermans
6ce38e5229
check for existing user in adduser
...
git-svn-id: http://www.observium.org/svn/observer/trunk@1930 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-18 16:56:02 +00:00
Tom Laermans
2afb522333
just another cleanup commit, don't mind me...
...
git-svn-id: http://www.observium.org/svn/observer/trunk@1885 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-16 18:28:52 +00:00
Tom Laermans
c6428480bc
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;)
...
git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-12 08:50:47 +00:00
Adam Amstrong
8dfad7f27d
fix password change for mysql auth
...
git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8
2010-06-21 15:39:43 +00:00
Tom Laermans
c0620baddc
more working less sucking
...
git-svn-id: http://www.observium.org/svn/observer/trunk@994 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:22:09 +00:00
Tom Laermans
1900cbb309
can has working pages? NO CAN HAS :(
...
git-svn-id: http://www.observium.org/svn/observer/trunk@993 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:19:06 +00:00
Tom Laermans
71bcc3abe4
userlevel via authmodule
...
git-svn-id: http://www.observium.org/svn/observer/trunk@992 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:15:52 +00:00
Tom Laermans
eed5f0c3c3
MOAR AUTHMODULE, with some parts left to do...
...
git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 01:10:05 +00:00
Tom Laermans
cb7c59505f
change password option in the auth modules, not used in the webinterface yet
...
git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8
2010-03-06 00:00:05 +00:00
Tom Laermans
b719e22e8e
auth modules! please test http-auth again, i haven't, but i think i got it right...
...
git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8
2010-02-28 13:04:07 +00:00