Add new setting to specify if user roles will be set at login or not.
Without this setting enabled, roles are only set when the user is first created and never after that. If roles set via Filter-ID attribute or radius.default_roles change, they will never be reflected on existing users.
For that reason, the default is set to enabled. Historically, radius did not enforce roles.
* Install bouncer
* Seeder and level migration
* Display and edit roles
* remove unused deluser page
* Update Radius and SSO to assign roles
* update AlertUtil direct level check to use roles instead
* rewrite ircbot auth handling
* Remove legacy auth getUserlist and getUserlevel methods, add getRoles
Set roles in LegacyUserProvider
* Small cleanups
* centralize role sync code
show roles on user preferences page
* VueSelect component WIP and a little docs
* WIP
* SelectControllers id and text fields.
* LibrenmsSelect component extracted from SettingSelectDynamic
* Handle multiple selections
* allow type coercion
* full width settings
* final style adjustments
* Final compiled assets update
* Style fixes
* Fix SSO tests
* Lint cleanups
* small style fix
* don't use json yet
* Update baseline for usptream package issues
* Change schema, not 100% sure it is correct
not sure why xor doesn't work
* Update Radius-Auth to accept permission attribute
* Update Radius-Auth to accept permission attribute
* Fixed list of strings
* Swapped " with ' in switch statement
* Added whitespace to satisfy styleCI bot
* Yet another whitespace...
* Removed two blank lines....
* Fixed missing "s"
* Try to satisfy linter - fixed a stupid mistake
Had put the code for mapping attributes inside the if statement that states that user exists in librenms. It has to be done before testing of user exists, and after radius auth is true.
* Comments was skewed
* Stylefix
* Update LibreNMS/Authentication/RadiusAuthorizer.php
Murrant's edit
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Added 0 on line 54 to satisfy test.
* StyleFix
* Stylefix2
* Style test complained about whitespaces, i guess..
* Update Authentication.md
* Update Authentication.md
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add option STARTTLS for authentication via AD
* Fix dangling spaces
* Moved starttls code to the correct place
* tabs vs spaces...
* Update ActiveDirectoryAuthorizer.php
Co-authored-by: Tony Murray <murraytony@gmail.com>
* implement support for usernames comming from reverse proxies
* add configurable auth header
* Move implementation to AuthorisationBase class
* refactored default value handling
* fixed external user check
* Adding an option (auth_ldap_skip_group_check) to bypass ldap_compare if the server does not support the option
* add auth_ldap_skip_group_check to config_definitions.json
* update resources/lang/en/settings.php
* add missing comma
* rename auth_ldap_skip_group_check to auth_ldap_require_groupmembership and change logic
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add userlist filter to ldap-authorization
* Add LDAP bind user to ldap-authorization
* Type hint getFullDn parameter of ldap-authorization
* docs: add missing options of ldap
* docs: add available options of ldap-authorization
* Implement OAuth and SAML2 support via Socialite
* Add socialite docs
* fixes
* Additional information added
* wip
* 22.3.0 targeted version
* Allow mysql auth as long as there is a password saved
Co-authored-by: laf <gh+n@laf.io>
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Kick other session when changing password
Invalidate other sessions when a user password gets changed
* Don't logout admin users when they change passwords.
Cleanup phpstan exceptions
* only restore user if needed
* comment odd behavior
* $current_user typehint
* Improvements to SSO Authorization and logout handling
Changes:
* Adds support for a default access level in the SSO authorization
plugin when group mapping is enabled.
* Restore functionality of the auth_logout_handler configuration option,
allowing the user to be redirected to a configured URL to complete
logout from an external IdP.
* Documentation and test coverage updates
* Set sso.static_level to 0 in AuthSSOTest:testGroupParsing()
* Simplify implementation to use default values in Config::get()
* Remove $debug global
and $vdebug global
makes these variables more accessible and protects from collisions.
* the on boot set sends application as the first parameter, just handle that
* Relocate other debug related functions
* Log debug to stdout
* Wrong output
* remove stupid constants
* Fix lint and style issues
* Fixes issues with binding and authenticating users in nested groups
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* re-instated the user group check for nested groups after identifying the real issue in ActiveDirectoryAuthorizer.php
added fix for special characters in group checker in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* further fixes for styleci/pr in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fixed return value from userExists in ActiveDirectoryAuthorizer to return boolean instead of integer
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* cleanup
* don't use boolval on int...
Co-authored-by: Tony Murray <murraytony@gmail.com>
