* fix: minimize session open time
page/graphs speedup part 2
Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests.
Do not run through full authentication functions if the session is already authenticated.
Removes password from the session as well as some items to prevent session fixation from #4608.
WARNING: This will cause issues for ad/ldap users who do not have a bind user configured!
* Do no erase username when using cookie auth.
Properly close the session in ajax_setresolution.php
* write close the session as soon as possible in ajax_setresolution.php
* Remove session regeneration. It is not compatible with the current code and would require more changes.
* Totally refactor authentication. Extract code to functions for re-use and improved readability
* Use exceptions for authentication and error logging
Tested: mysql, ad_auth with and without bind user
* fix a couple scrutinizer issues
* fix reauthenticate in radius
* fix: move user preferences dashboard and twofactor out of users table
This allows them to work with any authentication method
Add set_user_pref() and get_user_pref() helper functions
* fix edit users for other users
* Fix updated_at default timestamp
* Update and rename 183.sql to 184.sql
* removed commented out debug
* Updated to remove passwords from sessions
* Remove users sessions when user deleted
* Updated when cookies are set
* Updated setcookies to always contain a value
* Added destroy_cookies() to remove users cookies on failed login
* Removed debug line
* Fixed graph issues
This Authentitation / Authorization module provides the ability to let
the webserver (e.g. Apache) do the user Authentication (using Kerberos
f.e.) and let libreNMS do the Authorization of the already known user.
Authorization and setting of libreNMS user level is done by LDAP group
names specified in the configuration file. The group configuration is
basicly copied from the existing ldap Authentication module.
To save lots of redundant queries to the LDAP server and speed up the
libreNMS WebUI, all information is cached within the PHP $_SESSION as
long as specified in $config['auth_ldap_cache_ttl'] (Default: 300s).
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
