Commit Graph
13 Commits
Author SHA1 Message Date
pep-unandNeil Lathwood 0e09e09f04 bug: Improve LDAP filter in the getUserlist() function (#8253)
Improve LDAP filtering to improve the speed of some pages (Dashboard and
Edit User mainly). If we don't apply this filter all the users are getted
from LDAP and used in to the loop, with 2k users (for us) the page take
more than 15 seconds to be loaded.

I have check than people still have differante access with this fix.
2018-03-09 17:58:28 +01:00
Tony MurrayandNeil Lathwood 1188b53192 security: Use more secure password hashes (#8213)
* More secure password hashes
Use PHP 5.5 password_hash(), currently uses bcrypt
increase password field length as per php documentation

* Use password_hash()/password_verify() for cookies too

* forgot to update db_schema.yaml
2018-02-08 23:08:21 +00:00
Tony MurrayandNeil Lathwood 5141fc4872 refactor: Share code between all mysql based authorizers (#8174)
* Share code between all mysql based authorizers
I plan to update the mysql password encryption and this will allow the code to be changed in a single location.
It also reduces a lot of duplication.

* Fix tests, I suspect reauthenticate will work for these...
Do not allow password updates for several authorizers
2018-02-06 21:20:34 +00:00
Adam BishopandTony Murray 92e1048940 fix: Make consistent with other authorisers (#8151)
Discussed in #7601
2018-01-27 06:57:40 -06:00
Peter McNabbandTony Murray 2fb8dd7904 fix: ldap-authorization should be considered external (#8047)
* fix: ldap-authorization should be considered external

When sso auth type was added (1c6b7a9), some code for getting a username
was moved into HttpAuthAuthorizer. LdapAuthorizationAuthorizer uses the
same process to get the username and needs to be updated as well.

* Use common implementation of getExternalUsername

Authorizers get the default implementation by setting AUTH_IS_EXTERNAL.
ADAuthorizationAuthorizer is another candidate.
2018-01-09 16:13:47 -06:00
Ultra2DandTony Murray adca942552 Fix: Add user level to getUser for LDAP authentication (#7896)
* Fix: Add user level to getUser for LDAP authentication

* Fix: Add user level to getUser for LDAP authentication for current user only
2017-12-12 07:46:29 -06:00
Tony MurrayandNeil Lathwood c22c879983 fix: Remove faulty memcached code (not related to distributed polling) (#7881) 2017-12-10 20:40:45 +00:00
Adam BishopandTony Murray 1c6b7a967f Single Sign-On Authentication Mechanism (#7601)
* Allow the URL a user is sent to after logging out to be customised
This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout).

* Allow auth plugins to return a username

This is a bit cleaner than the current auth flow, which special cases e.g. http authentication

* Add some tests, defaults and documentation

* Add single sign-on authentication mechanism

* Make HTTPAuth use the authExternal/getExternalUsername methods

* Add to acknowledgements

* Add reset method to Auth
2017-11-28 20:40:17 -06:00
Tony MurrayandGitHub 6b5dccc169 refactor: AD Auth defer connection until it is needed (#7768)
* refactor: AD Auth defer connection until it is needed
Nice error if php-ldap is missing instead of http 500.

* Add the same error when ldap is missing to other auth methods.
Not as graceful looking in the authorizers since they do not defer connection.
2017-11-28 09:19:34 -06:00
Tony MurrayandGitHub 0c83bd051b Fix: Authentication on CentOS6 (#7771)
There is no need to redeclare abstract functions if the class is already abstract and they are declared in parent.
For some reason the PHP on CentOS7 throws an error with this where all other php versions I tested were fine with it.
2017-11-19 21:59:05 -06:00
Tony MurrayandGitHub d8c33463c6 fix: ldap auth typo (#7766) 2017-11-19 13:02:19 -06:00
mcq8andNeil Lathwood c9728a1f71 refactor: Refactored authorizers to classes (#7497)
* Refactored authorizers to classes

* Merge changes for #7335

* ! fix php 5.3 incompatibility

* Update ADAuthorizationAuthorizer.php

* Fix get_user -> getUser

* Rename AuthorizerFactory to Auth, fix interface missing functions

* Add phpdocs to all interface methods and normalize the names a bit.

* Re-work auth_test.php AD bind tests to work properly with the new class.
Reflection is not the nicest tool, but I think it is appropriate here.
Handle exceptions more nicely in auth_test.php

* Restore AD getUseList fix

Not sure how it got removed

* fix auth_test.php style
2017-11-18 10:33:03 +00:00
Tony MurrayandNeil Lathwood 4d0c75343e fix: Two-Factor Authentication (#6672)
* fix: Two-Factor Auth
Moved library to a class to take advantage of namespacing and auto loading.
Update the two factor code to use the AuthenticationException for error messages.
Fix remember me to work with 2fa.

* missing change
2017-05-18 22:08:10 +01:00