mirror of https://github.com/MISP/MISP
Allow new authentication keys to be replaced
parent
06ffb920e0
commit
4c2d39532b
|
@ -78,6 +78,7 @@ class UserShell extends AppShell
|
|||
'parser' => [
|
||||
'arguments' => [
|
||||
'userId' => ['help' => __('User ID or e-mail address.'), 'required' => true],
|
||||
'authKey' => ['help' => __('Optional new authentication key.'), 'required' => false],
|
||||
],
|
||||
],
|
||||
]);
|
||||
|
@ -334,12 +335,24 @@ class UserShell extends AppShell
|
|||
|
||||
public function change_authkey()
|
||||
{
|
||||
list($userId) = $this->args;
|
||||
$newkey = null;
|
||||
if (isset($this->args[1])) {
|
||||
list($userId, $newkey) = $this->args;
|
||||
} else {
|
||||
list($userId) = $this->args;
|
||||
}
|
||||
$user = $this->getUser($userId);
|
||||
|
||||
# validate new authentication key if provided
|
||||
if (!empty($newkey) && (strlen($newkey) != 40 || !ctype_alnum($newkey))) {
|
||||
$this->error('The new auth key needs to be 40 characters long and only alphanumeric.');
|
||||
}
|
||||
|
||||
if (empty(Configure::read('Security.advanced_authkeys'))) {
|
||||
$oldKey = $user['authkey'];
|
||||
$newkey = $this->User->generateAuthKey();
|
||||
if (empty($newkey)) {
|
||||
$newkey = $this->User->generateAuthKey();
|
||||
}
|
||||
$this->User->updateField($user, 'authkey', $newkey);
|
||||
$this->Log->createLogEntry('SYSTEM', 'reset_auth_key', 'User', $user['id'],
|
||||
__('Authentication key for user %s (%s) updated.', $user['id'], $user['email']),
|
||||
|
@ -347,7 +360,7 @@ class UserShell extends AppShell
|
|||
);
|
||||
$this->out("Authentication key changed to: $newkey");
|
||||
} else {
|
||||
$newkey = $this->User->AuthKey->resetAuthKey($user['id']);
|
||||
$newkey = $this->User->AuthKey->resetAuthKey($user['id'], null, $newkey);
|
||||
if ($newkey) {
|
||||
$this->out("Old authentication keys disabled and new key created: $newkey");
|
||||
} else {
|
||||
|
|
|
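Review bot: The replacement key is taken from a positional argument (`$this->args[1]` in change_authkey), so the secret lands in the shell history and may be visible in the host's process list, and the check that follows accepts any 40 alphanumeric characters, including one character repeated 40 times. Consider reading the key from standard input or from a file only the operator can read, and at minimum say so in the option help, e.g. `'authKey' => ['help' => __('Optional new authentication key (40 alphanumeric characters); command-line arguments may be visible to other local users.'), 'required' => false],`. The `reset_auth_key` log entry visible in the hunk does not record whether the key was generated or supplied by the operator, which an auditor would want to tell apart. The validation also relies on `$this->error()` stopping the shell; if it only printed, the rejected key would still be stored, so that is worth confirming. change_authkey continues past the end of the last hunk.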
@ -205,10 +205,11 @@ class AuthKey extends AppModel
|
|||
/**
|
||||
* @param int $userId
|
||||
* @param int|null $keyId
|
||||
* @param string|null $authKey
|
||||
* @return false|string
|
||||
* @throws Exception
|
||||
*/
|
||||
public function resetAuthKey($userId, $keyId = null)
|
||||
public function resetAuthKey($userId, $keyId = null, $authKey = null)
|
||||
{
|
||||
$time = time();
|
||||
|
||||
|
@ -229,7 +230,7 @@ class AuthKey extends AppModel
|
|||
}
|
||||
$comment = __("Created by resetting auth key %s\n%s", $keyId, $currentAuthkey['AuthKey']['comment']);
|
||||
$allowedIps = isset($currentAuthkey['AuthKey']['allowed_ips']) ? $currentAuthkey['AuthKey']['allowed_ips'] : [];
|
||||
return $this->createnewkey($userId, $comment, $allowedIps);
|
||||
return $this->createnewkey($userId, $authKey, $comment, $allowedIps);
|
||||
} else {
|
||||
$existingAuthkeys = $this->find('all', [
|
||||
'recursive' => -1,
|
||||
|
@ -245,21 +246,25 @@ class AuthKey extends AppModel
|
|||
$key['AuthKey']['expiration'] = $time;
|
||||
$this->save($key);
|
||||
}
|
||||
return $this->createnewkey($userId);
|
||||
return $this->createnewkey($userId, $authKey);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param int $userId
|
||||
* @param string|null $authKey
|
||||
* @param string $comment
|
||||
* @param array $allowedIps
|
||||
* @return false|string
|
||||
* @throws Exception
|
||||
*/
|
||||
public function createnewkey($userId, $comment = '', array $allowedIps = [])
|
||||
public function createnewkey($userId, $authKey = null, $comment = '', array $allowedIps = [])
|
||||
{
|
||||
if(empty($authKey)) {
|
||||
$authKey = (new RandomTool())->random_str(true, 40);
|
||||
}
|
||||
$newKey = [
|
||||
'authkey' => (new RandomTool())->random_str(true, 40),
|
||||
'authkey' => $authKey,
|
||||
'user_id' => $userId,
|
||||
'comment' => $comment,
|
||||
'allowed_ips' => empty($allowedIps) ? null : $allowedIps,
|
||||
|
|
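Review bot: `$authKey` is inserted as the second positional parameter of `createnewkey`, ahead of `$comment`, so any caller outside these hunks that still passes a comment in second position would have that comment stored as the user's authentication key, with no error raised. Appending the parameter keeps existing calls valid: `public function createnewkey($userId, $comment = '', array $allowedIps = [], $authKey = null)`, with the two calls in resetAuthKey adjusted to match. The format check (40 characters, alphanumeric) exists only in the shell command, so the model stores whatever a future caller hands to resetAuthKey or createnewkey; repeating `strlen($authKey) !== 40 || !ctype_alnum($authKey)` here and throwing on failure would enforce the rule at the point where the key is persisted. Both function bodies continue outside the hunks shown.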