mirror of https://github.com/MISP/MISP
Add support for disabling the retention of IP addresses used to access API via an AuthKey
parent
f1d14be615
commit
4f0cab086e
|
@ -189,18 +189,20 @@ class AuthKey extends AppModel
|
|||
foreach ($possibleAuthkeys as $possibleAuthkey) {
|
||||
if ($passwordHasher->check($authkey, $possibleAuthkey['AuthKey']['authkey'])) { // valid authkey
|
||||
// store IP in db if not there yet
|
||||
$remote_ip = $this->_remoteIp();
|
||||
$update_db_ip = true;
|
||||
if (in_array($remote_ip, $possibleAuthkey['AuthKey']['unique_ips'])) {
|
||||
$update_db_ip = false; // IP already seen, skip saving in DB
|
||||
} else { // first time this IP is seen for this API key
|
||||
$possibleAuthkey['AuthKey']['unique_ips'][] = $remote_ip;
|
||||
}
|
||||
if ($update_db_ip) {
|
||||
// prevent double entries due to race condition
|
||||
$possibleAuthkey['AuthKey']['unique_ips'] = array_unique($possibleAuthkey['AuthKey']['unique_ips']);
|
||||
// save in db
|
||||
$this->save($possibleAuthkey, ['fieldList' => ['unique_ips']]);
|
||||
if(Configure::read("MISP.remember_seen_ips_authkeys")) {
|
||||
$remote_ip = $this->_remoteIp();
|
||||
$update_db_ip = true;
|
||||
if (in_array($remote_ip, $possibleAuthkey['AuthKey']['unique_ips'])) {
|
||||
$update_db_ip = false; // IP already seen, skip saving in DB
|
||||
} else { // first time this IP is seen for this API key
|
||||
$possibleAuthkey['AuthKey']['unique_ips'][] = $remote_ip;
|
||||
}
|
||||
if ($update_db_ip) {
|
||||
// prevent double entries due to race condition
|
||||
$possibleAuthkey['AuthKey']['unique_ips'] = array_unique($possibleAuthkey['AuthKey']['unique_ips']);
|
||||
// save in db
|
||||
$this->save($possibleAuthkey, ['fieldList' => ['unique_ips']]);
|
||||
}
|
||||
}
|
||||
// fetch user
|
||||
$user = $this->User->getAuthUser($possibleAuthkey['AuthKey']['user_id']);
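Review bot: Turning `MISP.remember_seen_ips_authkeys` off only skips the `save()` inside the new `if`; nothing in this hunk clears `unique_ips` values that were already stored, so addresses recorded earlier stay in the database. If the aim is to stop retaining them, consider emptying the field when the setting is disabled or documenting a one-off cleanup. This commit appears to change only the HTML views, so also confirm that REST/JSON responses for auth keys do not still return the field. Inside the block, `in_array()` is non-strict and assumes `unique_ips` is always an array; `in_array($remote_ip, $possibleAuthkey['AuthKey']['unique_ips'] ?? [], true)` would be safer. The enclosing method starts and ends outside the hunk.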
|
||||
|
|
|
@ -5701,6 +5701,14 @@ class Server extends AppModel
|
|||
'type' => 'boolean',
|
||||
'null' => true
|
||||
],
|
||||
'remember_seen_ips_authkeys' => [
|
||||
'level' => self::SETTING_RECOMMENDED,
|
||||
'description' => __('Store IP addresses used to make API calls with an AuthKey against this AuthKey in the database.'),
|
||||
'value' => false,
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
],
|
||||
'log_new_audit' => [
|
||||
'level' => self::SETTING_RECOMMENDED,
|
||||
'description' => __('Enable new audit log system.'),
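Review bot: With `'value' => false` and the `if(Configure::read(...))` guard in the AuthKey model, an instance that upgrades without setting this option stops recording seen IPs, and the description does not say so. Seen IPs can help an administrator notice a key being used from an unexpected address, so the description should state the trade-off. For example: `__('Store the IP addresses seen using each AuthKey. When disabled, no new addresses are recorded and the Seen IPs field is hidden; previously stored addresses are not removed.')`. The settings array continues outside the hunk.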
|
||||
|
|
|
@ -3,6 +3,13 @@
|
|||
if (!$advancedEnabled) {
|
||||
echo '<div class="alert">' . __('Advanced auth keys are not enabled.') . '</div>';
|
||||
}
|
||||
$seenIPsField = Configure::read("MISP.remember_seen_ips_authkeys") ? [
|
||||
[
|
||||
'name' => __('Seen IPs'),
|
||||
'data_path' => 'AuthKey.unique_ips',
|
||||
'element' => 'authkey_pin',
|
||||
]
|
||||
] : [];
|
||||
echo $this->element('genericElements/IndexTable/index_table', [
|
||||
'data' => [
|
||||
'data' => $data,
|
||||
|
@ -73,11 +80,7 @@
|
|||
'name' => __('Allowed IPs'),
|
||||
'data_path' => 'AuthKey.allowed_ips',
|
||||
],
|
||||
[
|
||||
'name' => __('Seen IPs'),
|
||||
'data_path' => 'AuthKey.unique_ips',
|
||||
'element' => 'authkey_pin',
|
||||
]
|
||||
...$seenIPsField
|
||||
],
|
||||
'title' => empty($ajax) ? __('Authentication key Index') : false,
|
||||
'description' => empty($ajax) ? __('A list of API keys bound to a user.') : false,
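Review bot: `...$seenIPsField` inside an array literal is array unpacking, which needs PHP 7.4 or later; on an older interpreter this template is a parse error and the auth key index will not render. If the project still supports earlier PHP versions (not visible on this page), append the optional column with `array_merge()` instead. The same construct and the same `Configure::read("MISP.remember_seen_ips_authkeys")` ternary are repeated in the single-view template that follows. Reading the setting once and passing it to both views would keep them in step.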
|
||||
|
|
|
@ -15,6 +15,13 @@ if (isset($keyUsage)) {
|
|||
$uniqueIps = null;
|
||||
}
|
||||
|
||||
$seenIPsField = Configure::read("MISP.remember_seen_ips_authkeys") ? [
|
||||
[
|
||||
'key' => __('Seen IPs'),
|
||||
'path' => 'AuthKey.unique_ips',
|
||||
'type' => 'authkey_pin'
|
||||
]
|
||||
] : [];
|
||||
echo $this->element('genericElements/SingleViews/single_view', [
|
||||
'title' => 'Auth key view',
|
||||
'data' => $data,
|
||||
|
@ -82,10 +89,6 @@ echo $this->element('genericElements/SingleViews/single_view', [
|
|||
'raw' => $lastUsed ? $this->Time->time($lastUsed) : __('Not used yet'),
|
||||
'requirement' => isset($keyUsage),
|
||||
],
|
||||
[
|
||||
'key' => __('Seen IPs'),
|
||||
'path' => 'AuthKey.unique_ips',
|
||||
'type' => 'authkey_pin'
|
||||
]
|
||||
...$seenIPsField
|
||||
],
|
||||
]);
|
||||
|
|