Merge branch 'hotfix-2.3.67'

pull/516/head v2.3.67
iglocska 2015-05-20 16:35:38 +02:00
commit 4382269454
2 changed files with 18 additions and 13 deletions


@ -1 +1 @@
{"major":2, "minor":3, "hotfix":66}
{"major":2, "minor":3, "hotfix":67}


@ -89,26 +89,30 @@ class AppController extends Controller {
$this->Security->csrfCheck = false;
// Authenticate user with authkey in Authorization HTTP header
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
$found_misp_auth_key = false;
$authentication = explode(',', $_SERVER['HTTP_AUTHORIZATION']);
$user = false;
foreach ($authentication as $auth_key) {
if (preg_match('/^[a-zA-Z0-9]{40}$/', trim($auth_key))) {
$found_misp_auth_key = true;
$user = $this->checkAuthUser(trim($auth_key));
continue;
}
}
if ($user) {
unset($user['User']['gpgkey']);
// User found in the db, add the user info to the session
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
} else {
// User not authenticated correctly
// reset the session information
$this->Session->destroy();
throw new ForbiddenException('The authentication key provided cannot be used for syncing.');
if ($found_misp_auth_key) {
if ($user) {
unset($user['User']['gpgkey']);
// User found in the db, add the user info to the session
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
} else {
// User not authenticated correctly
// reset the session information
$this->Session->destroy();
throw new ForbiddenException('The authentication key provided cannot be used for syncing.');
}
unset($user);
}
unset($user);
}
} else if(!$this->Session->read(AuthComponent::$sessionKey)) {
// load authentication plugins from Configure::read('Security.auth')
@ -190,7 +194,8 @@ class AppController extends Controller {
public $userRole = null;
protected function _isJson(){
protected function _isJson($data=false){
if ($data) return (json_decode($data) != NULL) ? true : false;
return $this->request->header('Accept') === 'application/json';
}
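Review bot: In the first hunk, a request whose Authorization header contains no 40-character alphanumeric token now skips both the `ForbiddenException` and `$this->Session->destroy()` and continues with whatever session already exists, so a truncated or mistyped key is no longer rejected. If this fail-open path is intended for other authorization schemes, document it next to the new `if ($found_misp_auth_key)` with a comment such as `// No MISP authkey in the header (another auth scheme): leave the current session untouched`. The loop body still ends with `continue;`, which has no effect there, so every well-formed token in the comma-separated header triggers a `checkAuthUser()` call and the last one decides `$user`, which the new gate inherits. Replacing it with `break;` limits a request to a single key check and makes the first well-formed token authoritative. The enclosing method starts and ends outside the visible lines, so how the request is handled after the fall-through is presumably decided by code not shown here.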