mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
f4a33c1a34
* Prevent credentials from being leak in backtrace in some instances Particularly before the user is authenticated * fix test
44 lines
1.2 KiB
PHP
44 lines
1.2 KiB
PHP
<?php
|
|
|
|
namespace LibreNMS\Authentication;
|
|
|
|
use Dapphp\Radius\Radius;
|
|
use LibreNMS\Config;
|
|
use LibreNMS\Exceptions\AuthenticationException;
|
|
|
|
class RadiusAuthorizer extends MysqlAuthorizer
|
|
{
|
|
protected static $HAS_AUTH_USERMANAGEMENT = 1;
|
|
protected static $CAN_UPDATE_USER = 1;
|
|
protected static $CAN_UPDATE_PASSWORDS = 0;
|
|
|
|
/** @var Radius $radius */
|
|
protected $radius;
|
|
|
|
public function __construct()
|
|
{
|
|
$this->radius = new Radius(Config::get('radius.hostname'), Config::get('radius.secret'), Config::get('radius.suffix'), Config::get('radius.timeout'), Config::get('radius.port'));
|
|
}
|
|
|
|
public function authenticate($credentials)
|
|
{
|
|
global $debug;
|
|
|
|
if (empty($credentials['username'])) {
|
|
throw new AuthenticationException('Username is required');
|
|
}
|
|
|
|
if ($debug) {
|
|
$this->radius->setDebug(true);
|
|
}
|
|
|
|
$password = $credentials['password'] ?? null;
|
|
if ($this->radius->accessRequest($credentials['username'], $password) === true) {
|
|
$this->addUser($credentials['username'], $password, Config::get('radius.default_level', 1));
|
|
return true;
|
|
}
|
|
|
|
throw new AuthenticationException();
|
|
}
|
|
}
|