* Add option STARTTLS for authentication via AD
* Fix dangling spaces
* Moved starttls code to the correct place
* tabs vs spaces...
* Update ActiveDirectoryAuthorizer.php
Co-authored-by: Tony Murray <murraytony@gmail.com>
* implement support for usernames coming from reverse proxies
* add configurable auth header
* Move implementation to AuthorisationBase class
* refactored default value handling
* fixed external user check
* Adding an option (auth_ldap_skip_group_check) to bypass ldap_compare if the server does not support the option
* add auth_ldap_skip_group_check to config_definitions.json
* update resources/lang/en/settings.php
* add missing comma
* rename auth_ldap_skip_group_check to auth_ldap_require_groupmembership and change logic
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add userlist filter to ldap-authorization
* Add LDAP bind user to ldap-authorization
* Type hint getFullDn parameter of ldap-authorization
* docs: add missing options of ldap
* docs: add available options of ldap-authorization
* Implement OAuth and SAML2 support via Socialite
* Add socialite docs
* fixes
* Additional information added
* wip
* 22.3.0 targeted version
* Allow mysql auth as long as there is a password saved
Co-authored-by: laf <gh+n@laf.io>
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Kick other session when changing password
Invalidate other sessions when a user password gets changed
* Don't logout admin users when they change passwords.
Cleanup phpstan exceptions
* only restore user if needed
* comment odd behavior
* $current_user typehint
* Improvements to SSO Authorization and logout handling
Changes:
* Adds support for a default access level in the SSO authorization
plugin when group mapping is enabled.
* Restore functionality of the auth_logout_handler configuration option,
allowing the user to be redirected to a configured URL to complete
logout from an external IdP.
* Documentation and test coverage updates
* Set sso.static_level to 0 in AuthSSOTest:testGroupParsing()
* Simplify implementation to use default values in Config::get()
* Remove $debug global
and $vdebug global
makes these variables more accessible and protects from collisions.
* the on boot set sends application as the first parameter, just handle that
* Relocate other debug related functions
* Log debug to stdout
* Wrong output
* remove stupid constants
* Fix lint and style issues
* Fixes issues with binding and authenticating users in nested groups
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* re-instated the user group check for nested groups after identifying the real issue in ActiveDirectoryAuthorizer.php
added fix for special characters in group checker in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* further fixes for styleci/pr in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fixed return value from userExists in ActiveDirectoryAuthorizer to return boolean instead of integer
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* cleanup
* don't use boolval on int...
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Device group based access
* Use Permissions class to resolve permissions
Also give port access based on device access
* Convert more pages to use Permissions class
* shorten config setting name
use Eloquent relationships in several places
alphabetize config_definitions.json
* Change Models and Permissions
* Clean up ajax_search LIMIT sql
* Convert more pages to use Permissions class
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add option to authenticate user independently of OU
* Set config option in webui
* Compatibility with bind username option
* ran ./lnms translation:generate
* update doc
* user deactivation feature
* update db_schema.yaml
* travis fix
* readd sqlfile with alter statement
* ..
* revert force push
* combine all queries
* fix query
* user enable/disable only visible on mysql authorization
* Update form.blade.php
* Update index.blade.php
* disable 'enabled' on own profile
* bootstrapping checkboxes
* Remove $_SESSION usage, except install
Fixes issue with device debug capture
Removes secure_cookies setting, use the .env variable SESSION_SECURE_COOKIE instead. Reminder: secure cookies require that cookies are transported over https; if everything is already transported via https, the setting won't make a difference.
* Fix availability map controls
* Refactor tests
Boot Laravel for all tests.
Config use private static property for storage instead of global
* Backup/restore modules
* disable snmpsim log
* Fixing DBTestCase
* Fix macros loading to the wrong place
* trap and other tests should check if db is available
* don't include snmp.inc.php if mock.snmp.inc.php is already included...
* fix migration
* if we don't reset the db, run migrations at least.
* set vars for migrate too
* Fix style
* ignore issues with undefined indexes in legacy code
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth::id()
* revert accidental replacement
* Modification of the getUserlist function to use ldap filter
* Modification of the getUserlist function to use ldap filter V2
* documentation of auth_ldap_Userlist_filter option
* documentation of auth_ldap_Userlist_filter option V2
* Allow filtering of getUserlist LDAP function
* Support for system APP_LOCALE
* Start preferences re-write
* port 2fa form
* Working user preferences
* Language user preference
* Don't look up locale from the DB every request
* Device list working
* Deny demo user middleware
* Finish password changing
* remove used resource methods
* remove leftover use
* warn that translation is incomplete
* fix style
* Reorganize trap tests
* Testing db DRIVER to prevent .env from interfering
* New code to detect if Laravel is booted. Hopefully more reliable.
* WIP external test process
* revert module test helper
* Use .env in Eloquent::boot()
* Fix test database settings loading
* fix undefined classes
(didn't find the one I needed)
* Fix incorrect Config usages
And RrdDefinition return type
* fix .env loading
* use the right DB
* slightly more accurate isConnected
* Move db_name to DBSetupTest specifically
* restore $_SERVER in AuthSSOTest
* missed item
* WIP
* tear down in the correct order.
* some testing cleanups
* remove check for duplicate event listener, it's not working right
* Don't need this change anymore
* Implement Log::event to replace legacy function log_event()
* fix port tests
* fix up tests
* remove pointless TrapTestCase class
* fix style
* Fix db config not being merged...
* skip env check for tests
* defer database operations until after Laravel is booted.
* don't include dbFacile...
* redundant use
* Reorganize trap tests
* Testing db DRIVER to prevent .env from interfering
* New code to detect if Laravel is booted. Hopefully more reliable.
* WIP external test process
* revert module test helper
* Use .env in Eloquent::boot()
* Fix test database settings loading
* fix undefined classes
(didn't find the one I needed)
* Fix incorrect Config usages
And RrdDefinition return type
* fix .env loading
* use the right DB
* slightly more accurate isConnected
* Move db_name to DBSetupTest specifically
* restore $_SERVER in AuthSSOTest
* missed item
* WIP
* tear down in the correct order.
* some testing cleanups
* remove check for duplicate event listener, it's not working right
* Don't need this change anymore
* Implement Log::event to replace legacy function log_event()
* fix port tests
* fix up tests
* remove pointless TrapTestCase class
* fix style
* Add lnms user:add command
Uses events to mark past notifications as read (even for non-manually added users)
* Filter out previous options from auto-completion
* use validation to check cli input
* Warn if using other auth
* abstract LnmsCommand
* Use setPassword helper for hashing instead of mutator
* Extract validation function
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
Extract common AD auth code to ADUtils
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
Extract common AD auth code to ADUtils
* Send no user info to log instead of toast.
* Remove commented code
* add abstract getConnection() method that is required.
* Actually return the value
* Fix AD auth with large SID components
Per http://php.net/manual/en/function.unpack.php unpack on 32bit will convert large unsigned long values into signed long values, so we check for PHP_INT_SIZE and fix them up if necessary.
* Fix indentation
* First attempt at ldap-auth fixes
* no, guest, so it is not allowed.
* cast to int
* don't count on Session
* return full user
* Specific error for guest not allowed.
* fix up external auth user creation
* fix check
* Fix user level missing
Simplify middleware
* use guard if configured