clones/librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-09-21 18:38:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
a19a18492e
librenms/scripts/auth_test.php

139 lines
4.5 KiB
PHP
Raw Normal View History

feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
#!/usr/bin/php
<?php
Use Config helper (#10339) remove usage of global variable
2019-06-23 05:29:12 +00:00
use LibreNMS\Config;
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
use LibreNMS\Authentication\LegacyAuth;
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
refactor: LDAP debug output (#8434) * LDAP debug Updated LDAP and AD docs ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2. ad was using auth_ad_timeout incorrectly (1 I think) * Add option to list all users.
2018-03-29 10:40:27 +00:00
$options = getopt('u:rldvh');
if (isset($options['h']) || (!isset($options['l']) && !isset($options['u']))) {
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
echo ' -u <username> (Required) username to test
refactor: LDAP debug output (#8434) * LDAP debug Updated LDAP and AD docs ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2. ad was using auth_ad_timeout incorrectly (1 I think) * Add option to list all users.
2018-03-29 10:40:27 +00:00
-l List all users (checks that auth can enumerate all allowed users)
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
-d Enable debug output
-v Enable verbose debug output
-h Display this help message
';
exit;
}
if (isset($options['d'])) {
$debug = true;
}
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
$init_modules = [];
auth_test.php -v override config.php (#8508)
2018-04-05 21:43:54 +00:00
require realpath(__DIR__ . '/..') . '/includes/init.php';
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
if (isset($options['v'])) {
refactor: LDAP debug output (#8434) * LDAP debug Updated LDAP and AD docs ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2. ad was using auth_ad_timeout incorrectly (1 I think) * Add option to list all users.
2018-03-29 10:40:27 +00:00
// Enable debug mode for auth methods that have it
Use Config helper (#10339) remove usage of global variable
2019-06-23 05:29:12 +00:00
Config::set('auth_ad_debug', 1);
Config::set('auth_ldap_debug', 1);
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
Use Config helper (#10339) remove usage of global variable
2019-06-23 05:29:12 +00:00
echo "Authentication Method: " . Config::get('auth_mechanism') . PHP_EOL;
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
// if ldap like, check selinux
Use Config helper (#10339) remove usage of global variable
2019-06-23 05:29:12 +00:00
if (Config::get('auth_mechanism') == 'ldap' || Config::get('auth_mechanism') == "active_directory") {
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
$enforce = shell_exec('getenforce 2>/dev/null');
if (str_contains($enforce, 'Enforcing')) {
// has selinux
$output = shell_exec('getsebool httpd_can_connect_ldap');
if ($output != "httpd_can_connect_ldap --> on\n") {
print_error("You need to run: setsebool -P httpd_can_connect_ldap=1");
exit;
}
}
}
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
try {
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
$authorizer = LegacyAuth::get();
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
// AD bind tests
if ($authorizer instanceof \LibreNMS\Authentication\ActiveDirectoryAuthorizer) {
// peek inside the class
$lc_rp = new ReflectionProperty($authorizer, 'ldap_connection');
$lc_rp->setAccessible(true);
refactor: AD Auth defer connection until it is needed (#7768) * refactor: AD Auth defer connection until it is needed Nice error if php-ldap is missing instead of http 500. * Add the same error when ldap is missing to other auth methods. Not as graceful looking in the authorizers since they do not defer connection.
2017-11-28 15:19:34 +00:00
$adbind_rm = new ReflectionMethod($authorizer, 'bind');
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
$adbind_rm->setAccessible(true);
$bind_success = false;
Use Config helper (#10339) remove usage of global variable
2019-06-23 05:29:12 +00:00
if (Config::has('auth_ad_binduser') && Config::has('auth_ad_bindpassword')) {
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
$bind_success = $adbind_rm->invoke($authorizer, false, true);
if (!$bind_success) {
$ldap_error = ldap_error($lc_rp->getValue($authorizer));
echo $ldap_error . PHP_EOL;
if ($ldap_error == 'Invalid credentials') {
Use Config helper (#10339) remove usage of global variable
2019-06-23 05:29:12 +00:00
print_error('AD bind failed for user ' . Config::get('auth_ad_binduser') . '@' . Config::get('auth_ad_domain') .
'. Check \'auth_ad_binduser\' and \'auth_ad_bindpassword\' in your config');
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
}
} else {
print_message('AD bind success');
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
} else {
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
$bind_success = $adbind_rm->invoke($authorizer, true, true);
if (!$bind_success) {
echo ldap_error($lc_rp->getValue($authorizer)) . PHP_EOL;
print_message("Could not anonymous bind to AD");
} else {
print_message('AD bind anonymous successful');
}
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
if (!$bind_success) {
print_error("Could not bind to AD, you will not be able to use the API or alert AD users");
}
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
refactor: LDAP debug output (#8434) * LDAP debug Updated LDAP and AD docs ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2. ad was using auth_ad_timeout incorrectly (1 I think) * Add option to list all users.
2018-03-29 10:40:27 +00:00
if (isset($options['l'])) {
$users = $authorizer->getUserlist();
Display user id for auth_test.php -l (#9066) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
2018-08-24 08:05:23 +00:00
$output = array_map(function ($user) {
return "{$user['username']} ({$user['user_id']})";
}, $users);
echo "Users: " . implode(', ', $output) . PHP_EOL;
refactor: LDAP debug output (#8434) * LDAP debug Updated LDAP and AD docs ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2. ad was using auth_ad_timeout incorrectly (1 I think) * Add option to list all users.
2018-03-29 10:40:27 +00:00
echo "Total users: " . count($users) . PHP_EOL;
exit;
}
$test_username = $options['u'];
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
$auth = false;
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
echo 'Password: ';
`stty -echo`;
$test_password = trim(fgets(STDIN));
`stty echo`;
echo PHP_EOL;
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
echo "Authenticate user $test_username: \n";
Prevent credentials from being leaked in backtrace in some instances (#9817) * Prevent credentials from being leak in backtrace in some instances Particularly before the user is authenticated * fix test
2019-03-05 06:24:14 +00:00
$auth = $authorizer->authenticate(['username' => $test_username, 'password' => $test_password]);
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
unset($test_password);
if ($auth) {
print_message("AUTH SUCCESS\n");
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
} else {
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
if (isset($ldap_connection)) {
echo ldap_error($ldap_connection) . PHP_EOL;
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql
2018-09-11 12:51:35 +00:00
print_error('AUTH FAILURE');
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
if ($auth) {
$user_id = $authorizer->getUserid($test_username);
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
echo "User ($user_id):\n";
if (method_exists($authorizer, 'getUser')) {
$user = $authorizer->getUser($user_id);
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
unset($user['password']);
unset($user['remember_token']);
foreach ($user as $property => $value) {
echo " $property => $value\n";
}
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
if (method_exists($authorizer, 'getGroupList')) {
echo 'Groups: ' . implode('; ', $authorizer->getGroupList()) . PHP_EOL;
}
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
2017-11-18 10:33:03 +00:00
} catch (Exception $e) {
echo "Error: " . get_class($e) . " thrown!\n";
echo $e->getMessage() . PHP_EOL;
feature: bind user for active_directory auth (#6255) * feature: bind user for active_directory auth Optional, allows the use of "remember me", API, and alerting. * missing global (but still may not be working) * always return a value from reauthenticate() * Make sure the ldapbind credentials are correct on reauth. Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc. Add scripts/auth_test.php, to make it easier to debug authentication. * Refine auth_test.php a bit more A few small cleanups in other places of the auth * Add auth_test.php to docs Some more improvements in the auth_test.php output. * Update Authentication.md
2017-03-29 13:22:02 +00:00
}
Reference in New Issue Copy Permalink