* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)
Port api auth to Laravel
restrict poller errors to devices the user has access to
Run checks on every page load. But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin
Move toastr down a few pixels so it isn't as annoying.
Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu
Rewrite 2FA code
Simplify some and verify code before applying
Get http-auth working
Handle legacy $_SESSION differently. Allows Auth::once(), etc to work.
* Fix tests and mysqli extension check
* remove duplicate Toastr messages
* Fix new items
* Rename 266.sql to 267.sql
* More secure password hashes
Use PHP 5.5 password_hash(), currently uses bcrypt
increase password field length as per php documentation
* Use password_hash()/password_verify() for cookies too
* forgot to update db_schema.yaml
* Share code between all mysql based authorizers
I plan to update the mysql password encryption and this will allow the code to be changed in a single location.
It also reduces a lot of duplication.
* Fix tests, I suspect reauthenticate will work for these...
Do not allow password updates for several authorizers
* fix: ldap-authorization should be considered external
When sso auth type was added (1c6b7a9), some code for getting a username
was moved into HttpAuthAuthorizer. LdapAuthorizationAuthorizer uses the
same process to get the username and needs to be updated as well.
* Use common implementation of getExternalUsername
Authorizers get the default implementation by setting AUTH_IS_EXTERNAL.
ADAuthorizationAuthorizer is another candidate.
* Allow the URL a user is sent to after logging out to be customised
This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout).
* Allow auth plugins to return a username
This is a bit cleaner than the current auth flow, which special cases e.g. http authentication
* Add some tests, defaults and documentation
* Add single sign-on authentication mechanism
* Make HTTPAuth use the authExternal/getExternalUsername methods
* Add to acknowledgements
* Add reset method to Auth
There is no need to redeclare abstract functions if the class is already abstract and they are declared in parent.
For some reason the PHP on CentOS7 throws an error with this where all other php versions I tested were fine with it.
* Refactored authorizers to classes
* Merge changes for #7335
* ! fix php 5.3 incompatibility
* Update ADAuthorizationAuthorizer.php
* Fix get_user -> getUser
* Rename AuthorizerFactory to Auth, fix interface missing functions
* Add phpdocs to all interface methods and normalize the names a bit.
* Re-work auth_test.php AD bind tests to work properly with the new class.
Reflection is not the nicest tool, but I think it is appropriate here.
Handle exceptions more nicely in auth_test.php
* Restore AD getUseList fix
Not sure how it got removed
* fix auth_test.php style
