new: Added a way to disable the default HTTP_ header namespace or to alter it to something else for the custom auth plugin

pull/1617/merge
Iglocska 2016-10-20 16:25:45 +02:00
parent 28635abd0a
commit 0695efe81b
2 changed files with 23 additions and 4 deletions


@ -588,7 +588,8 @@ class AppController extends Controller {
$header = Configure::read('Plugin.CustomAuth_header') ? Configure::read('Plugin.CustomAuth_header') : 'Authorization';
$header = strtoupper($header);
$authName = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
if (isset($server['HTTP_' . $header]) && !empty($server['HTTP_' . $header])) {
$headerNamespace = Configure::read('Plugin.CustomAuth_use_header_namespace') ? (Configure::read('Plugin.CustomAuth_header_namespace') ? Configure::read('Plugin.CustomAuth_header_namespace') : 'HTTP_') : '';
if (isset($server[$headerNamespace . $header]) && !empty($server[$headerNamespace . $header])) {
if (Configure::read('Plugin.CustomAuth_only_allow_source') && Configure::read('Plugin.CustomAuth_only_allow_source') !== $server['REMOTE_ADDR']) {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
@ -598,13 +599,13 @@ class AppController extends Controller {
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'auth_fail',
'title' => 'Failed authentication using external key (' . trim($server['HTTP_' . $header]) . ') - the user has not arrived from the expected address. Instead the request came from: ' . $server['REMOTE_ADDR'],
'title' => 'Failed authentication using external key (' . trim($server[$headerNamespace . $header]) . ') - the user has not arrived from the expected address. Instead the request came from: ' . $server['REMOTE_ADDR'],
'change' => null,
);
$this->Log->save($log);
$this->__preAuthException($authName . ' authentication failed. Contact your MISP support for additional information at: ' . Configure::read('MISP.contact'));
}
$temp = $this->checkExternalAuthUser($server['HTTP_' . $header]);
$temp = $this->checkExternalAuthUser($server[$headerNamespace . $header]);
$user['User'] = $temp;
if ($user['User']) {
unset($user['User']['gpgkey']);
@ -638,7 +639,7 @@ class AppController extends Controller {
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'auth_fail',
'title' => 'Failed authentication using external key (' . trim($server['HTTP_' . $header]) . ')',
'title' => 'Failed authentication using external key (' . trim($server[$headerNamespace . $header]) . ')',
'change' => null,
);
$this->Log->save($log);
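Review bot: The bare truthiness check on `Configure::read('Plugin.CustomAuth_use_header_namespace')` in the -588 hunk turns an unset setting into an empty namespace, so existing deployments that never configured the new key stop looking up `HTTP_<header>` and silently read `$server[<header>]` instead; whether the `'value' => true` default in the settings table is ever pushed into Configure is not visible here, so treat this as a likely regression for every upgraded instance. Only an explicit false should drop the prefix: `$useNamespace = Configure::read('Plugin.CustomAuth_use_header_namespace');` followed by `$headerNamespace = ($useNamespace === null || $useNamespace) ? (Configure::read('Plugin.CustomAuth_header_namespace') ? Configure::read('Plugin.CustomAuth_header_namespace') : 'HTTP_') : '';`. The namespace also decides the trust level of the value: with `HTTP_` it is a request header that any client can send, and the optional `CustomAuth_only_allow_source` check on the next line is the only thing tying it to a trusted proxy, whereas with no prefix it names a raw server variable that the administrator must make sure only the web server itself populates; a comment on the assignment, `// namespace decides where the key is read from: HTTP_ = client request header, '' = variable set by the web server itself`, would make that visible to the next reader. The enclosing method starts and ends outside the hunk.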


@ -1030,6 +1030,24 @@ class Server extends AppModel {
'type' => 'string',
'null' => true
),
'CustomAuth_use_header_namespace' => array(
'level' => 2,
'description' => 'Use a header namespace for the auth header - default setting is enabled',
'value' => true,
'errorMessage' => '',
'test' => 'testBool',
'type' => 'boolean',
'null' => true
),
'CustomAuth_header_namespace' => array(
'level' => 2,
'description' => 'The default header namespace for the auth header - default setting is HTTP_',
'value' => 'HTTP_',
'errorMessage' => '',
'test' => 'testForEmpty',
'type' => 'string',
'null' => true
),
'CustomAuth_required' => array(
'level' => 2,
'description' => 'If this setting is enabled then the only way to authenticate will be using the custom header. Altnertatively you can run in mixed mode that will log users in via the header if found, otherwise users will be redirected to the normal login page.',
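Review bot: The descriptions for the two new settings in the -1030 hunk do not tell the administrator what the namespace changes operationally, even though it decides whether the auth value is taken from a client-supplied request header or from a server-populated environment variable. I would extend `CustomAuth_header_namespace` to something like `'description' => 'Prefix under which the auth header is looked up in the server environment. HTTP_ (the default) selects the request header sent by the client; disable CustomAuth_use_header_namespace to read a variable populated by the web server itself instead.'` and mirror that in the `CustomAuth_use_header_namespace` description. With `'null' => true` on the boolean, the settings table also allows the value to be absent while the controller keys its behaviour on it, so the description should state what an unset value means.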