Add support for disabling the retention of IP addresses used to access API via an AuthKey

pull/9339/head
Sid Odgers 2023-10-17 15:57:30 +11:00
parent f1d14be615
commit 4f0cab086e
4 changed files with 38 additions and 22 deletions


@ -189,18 +189,20 @@ class AuthKey extends AppModel
foreach ($possibleAuthkeys as $possibleAuthkey) {
if ($passwordHasher->check($authkey, $possibleAuthkey['AuthKey']['authkey'])) { // valid authkey
// store IP in db if not there yet
$remote_ip = $this->_remoteIp();
$update_db_ip = true;
if (in_array($remote_ip, $possibleAuthkey['AuthKey']['unique_ips'])) {
$update_db_ip = false; // IP already seen, skip saving in DB
} else { // first time this IP is seen for this API key
$possibleAuthkey['AuthKey']['unique_ips'][] = $remote_ip;
}
if ($update_db_ip) {
// prevent double entries due to race condition
$possibleAuthkey['AuthKey']['unique_ips'] = array_unique($possibleAuthkey['AuthKey']['unique_ips']);
// save in db
$this->save($possibleAuthkey, ['fieldList' => ['unique_ips']]);
if(Configure::read("MISP.remember_seen_ips_authkeys")) {
$remote_ip = $this->_remoteIp();
$update_db_ip = true;
if (in_array($remote_ip, $possibleAuthkey['AuthKey']['unique_ips'])) {
$update_db_ip = false; // IP already seen, skip saving in DB
} else { // first time this IP is seen for this API key
$possibleAuthkey['AuthKey']['unique_ips'][] = $remote_ip;
}
if ($update_db_ip) {
// prevent double entries due to race condition
$possibleAuthkey['AuthKey']['unique_ips'] = array_unique($possibleAuthkey['AuthKey']['unique_ips']);
// save in db
$this->save($possibleAuthkey, ['fieldList' => ['unique_ips']]);
}
}
// fetch user
$user = $this->User->getAuthUser($possibleAuthkey['AuthKey']['user_id']);
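Review bot: With `MISP.remember_seen_ips_authkeys` off, the new guard skips the `save()`, but nothing in this commit's four files clears `unique_ips` values recorded earlier, so previously collected addresses stay in the database while the two templates stop displaying them. If the aim is to stop retaining addresses, that leftover data should either be purged when the setting is turned off or the behaviour stated at the guard, for example `// Only stops recording new IPs; existing unique_ips values are left untouched`. The guard is also written `if(Configure::read(...))`, where the surrounding code uses `if (` with a space. The enclosing function starts and ends outside the hunk.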


@ -5701,6 +5701,14 @@ class Server extends AppModel
'type' => 'boolean',
'null' => true
],
'remember_seen_ips_authkeys' => [
'level' => self::SETTING_RECOMMENDED,
'description' => __('Store IP addresses used to make API calls with an AuthKey against this AuthKey in the database.'),
'value' => false,
'test' => 'testBool',
'type' => 'boolean',
'null' => true
],
'log_new_audit' => [
'level' => self::SETTING_RECOMMENDED,
'description' => __('Enable new audit log system.'),
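Review bot: Because `Configure::read()` returns null for a key that was never set and the model tests the result for truthiness, every existing instance stops recording seen IPs after this upgrade until an administrator enables the setting; the `'value' => false` default here matches that. Seen-IP history is what lets an operator notice an AuthKey being used from an unexpected address, so losing it silently is worth stating. I would have the description say so, e.g. `__('Store the IP addresses that use each AuthKey. Disabled by default; while disabled no new addresses are recorded.')`. It is also worth confirming that `SETTING_RECOMMENDED` is the intended level for an opt-in setting.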


@ -3,6 +3,13 @@
if (!$advancedEnabled) {
echo '<div class="alert">' . __('Advanced auth keys are not enabled.') . '</div>';
}
$seenIPsField = Configure::read("MISP.remember_seen_ips_authkeys") ? [
[
'name' => __('Seen IPs'),
'data_path' => 'AuthKey.unique_ips',
'element' => 'authkey_pin',
]
] : [];
echo $this->element('genericElements/IndexTable/index_table', [
'data' => [
'data' => $data,
@ -73,11 +80,7 @@
'name' => __('Allowed IPs'),
'data_path' => 'AuthKey.allowed_ips',
],
[
'name' => __('Seen IPs'),
'data_path' => 'AuthKey.unique_ips',
'element' => 'authkey_pin',
]
...$seenIPsField
],
'title' => empty($ajax) ? __('Authentication key Index') : false,
'description' => empty($ajax) ? __('A list of API keys bound to a user.') : false,
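Review bot: `...$seenIPsField` inside an array literal needs PHP 7.4 or later, so this template and the single-view template, which uses the same construct, will fail to parse on older interpreters. Confirm that this matches the project's minimum supported version, or append the conditional field with `array_merge()` instead. The `$seenIPsField` conditional is also duplicated across the two templates with different keys (`name`/`data_path`/`element` here, `key`/`path`/`type` there). A short comment above each, such as `// Seen IPs is only shown when MISP.remember_seen_ips_authkeys is enabled`, would help keep them in step.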


@ -15,6 +15,13 @@ if (isset($keyUsage)) {
$uniqueIps = null;
}
$seenIPsField = Configure::read("MISP.remember_seen_ips_authkeys") ? [
[
'key' => __('Seen IPs'),
'path' => 'AuthKey.unique_ips',
'type' => 'authkey_pin'
]
] : [];
echo $this->element('genericElements/SingleViews/single_view', [
'title' => 'Auth key view',
'data' => $data,
@ -82,10 +89,6 @@ echo $this->element('genericElements/SingleViews/single_view', [
'raw' => $lastUsed ? $this->Time->time($lastUsed) : __('Not used yet'),
'requirement' => isset($keyUsage),
],
[
'key' => __('Seen IPs'),
'path' => 'AuthKey.unique_ips',
'type' => 'authkey_pin'
]
...$seenIPsField
],
]);