new: [advanced authkey] system

pull/6585/head
iglocska 2020-11-11 10:46:38 +01:00
parent cd1217b36e
commit 5b256405c0
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
4 changed files with 123 additions and 21 deletions


@ -42,16 +42,17 @@ class AuthKeysController extends AppController
if ($this->IndexFilter->isRest()) {
return $this->restResponsePayload;
}
$this->set('metaGroup', 'admin');
$this->set('metaGroup', $this->_isAdmin ? 'admin' : 'globalActions');
$this->set('metaAction', 'authkeys_index');
}
public function delete($id)
{
$params = [];
if (!$isAdmin()) {
$params['conditions'] = ['user_id' => $this->Auth->user('id')];
}
$this->CRUD->delete($id);
$this->CRUD->delete($id, $params);
if ($this->IndexFilter->isRest()) {
return $this->restResponsePayload;
}
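Review bot: `if (!$isAdmin())` on the new conditions line calls a local `$isAdmin` that nothing in the hunk defines, while the line just above it reads the controller property `$this->_isAdmin`; at runtime this is an undefined variable followed by an attempt to call null, so every non-admin delete errors out instead of being scoped to the caller's own keys. Change it to `if (!$this->_isAdmin) {`. That condition is the only thing restricting a `perm_auth` user to deleting their own keys, so a comment such as `// non-admins may only delete their own keys` above it would make the intent explicit. delete() continues past the end of the hunk, so the response path after the REST check is not visible here.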


@ -72,6 +72,13 @@ class ACLComponent extends Component
'view' => array('*'),
'viewPicture' => array('*'),
),
'authKeys' => [
'add' => ['perm_auth'],
'delete' => ['perm_auth'],
'edit' => ['perm_auth'],
'index' => ['perm_auth'],
'view' => ['perm_auth']
],
'dashboards' => array(
'getForm' => array('*'),
'index' => array('*'),
@ -631,6 +638,7 @@ class ACLComponent extends Component
'tagStatisticsGraph' => array('*'),
'terms' => array('*'),
'updateLoginTime' => array('*'),
'updateToAdvancedAuthKeys' => array(),
'verifyCertificate' => array(),
'verifyGPG' => array(),
'view' => array('*'),
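Review bot: The new `authKeys` entry is written with short array syntax while every neighbouring entry in this map uses `array()`; for consistency within the file either write it as `'authKeys' => array('add' => array('perm_auth'), ...)` or note that the file is being migrated to `[]`. All five actions are gated on the same `perm_auth` flag, so any restriction of non-admins to their own keys has to live in the controller rather than here, which is worth a one-line comment on the entry. The second hunk's `'updateToAdvancedAuthKeys' => array()` presumably follows the same convention as the neighbouring `verifyCertificate`/`verifyGPG` entries; confirm that an empty array is the intended restriction.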


@ -87,6 +87,7 @@ class UsersController extends AppController
return $this->RestResponse->viewData($this->__massageUserObject($user), $this->response->type());
} else {
$this->set('user', $user);
$this->set('admin_view', false);
}
}
@ -616,6 +617,8 @@ class UsersController extends AppController
$user2 = $this->User->find('first', array('conditions' => array('User.id' => $user['User']['invited_by']), 'recursive' => -1));
$this->set('id', $id);
$this->set('user2', $user2);
$this->set('admin_view', true);
$this->render('view');
}
}


@ -1,36 +1,83 @@
<?php
$table_data = array();
$table_data[] = array('key' => __('ID'), 'value' => $user['User']['id']);
$table_data[] = array('key' => __('Email'), 'value' => $user['User']['email']);
$table_data[] = array('key' => __('Organisation'), 'value' => $user['Organisation']['name']);
$table_data[] = array(
'key' => __('Email'),
'html' => sprintf(
'%s <a class="fas fa-envelope" style="color: #333" href="%s/admin/users/quickEmail/%s" title="%s"></a>',
h($user['User']['email']),
$baseurl,
h($user['User']['id']),
__('Send email to user')
)
);
$table_data[] = array(
'key' => __('Organisation'),
'html' => sprintf(
'<a href="%s/organisations/view/%s">%s</a>',
$baseurl,
h($user['Organisation']['id']),
h($user['Organisation']['name'])
)
);
$table_data[] = array('key' => __('Role'), 'html' => $this->Html->link($user['Role']['name'], array('controller' => 'roles', 'action' => 'view', $user['Role']['id'])));
$table_data[] = array('key' => __('Autoalert'), 'boolean' => $user['User']['autoalert']);
$table_data[] = array('key' => __('Contactalert'), 'boolean' => $user['User']['contactalert']);
$authkey_data = sprintf(
'<a onclick="requestAPIAccess();" style="cursor:pointer;">%s</a>',
'<a onclick="requestAPIAccess();" style="cursor:pointer;"></a>',
__('Request API access')
);
if ($user['Role']['perm_auth']) {
if (empty(Configure::read('Security.advanced_authkeys'))) {
$authkey_data = sprintf(
'<span class="privacy-value quickSelect authkey" data-hidden-value="%s">****************************************</span>&nbsp;<i class="privacy-toggle fas fa-eye useCursorPointer" title="%s"></i>%s',
h($user['User']['authkey']),
__('Reveal hidden value'),
(Configure::read('MISP.disableUserSelfManagement') && !$isAdmin) ? '' :
sprintf(
' (%s)',
$this->Form->postLink(__('reset'), array('action' => 'resetauthkey', $user['User']['id']))
sprintf(
' (%s)',
$this->Form->postLink(__('reset'), array('action' => 'resetauthkey', $user['User']['id']))
)
);
$table_data[] = array(
'key' => __('Authkey'),
'html' => $authkey_data
);
}
)
if (Configure::read('Plugin.CustomAuth_enable') && !empty($user['User']['external_auth_key'])) {
$header = Configure::read('Plugin.CustomAuth_header') ?: 'Authorization';
$table_data[] = array(
'key' => __('Customauth header'),
'html' => sprintf(
'%s: <span class="green bold">%s</span>',
h($header),
h($user['User']['external_auth_key'])
)
);
}
$table_data[] = array(
'key' => __('Authkey'),
'html' => $authkey_data
'key' => __('Invited By'),
'html' => empty($user2['User']['email']) ? 'N/A' : sprintf('<a href="%s/admin/users/view/%s">%s</a>', $baseurl, h($user2['User']['id']), h($user2['User']['email'])),
);
$org_admin_data = array();
if ($admin_view) {
foreach ($user['User']['orgAdmins'] as $orgAdminId => $orgAdminEmail) {
$org_admin_data[] = sprintf(
'<a href="%s/admin/users/view/%s">%s</a> <a class="fas fa-envelope" style="color: #333" href="%s/admin/users/quickEmail/%s" title="%s"></a>',
$baseurl,
h($orgAdminId),
h($orgAdminEmail),
$baseurl,
h($orgAdminId),
__('Send email to user')
);
}
$table_data[] = array('key' => __('Org admin'), 'html' => implode('<br>', $org_admin_data));
}
$table_data[] = array('key' => __('NIDS Start SID'), 'value' => $user['User']['nids_sid']);
$table_data[] = array('key' => __('Terms accepted'), 'boolean' => $user['User']['termsaccepted']);
$table_data[] = array('key' => __('Must change password'), 'boolean' => $user['User']['change_pw']);
$table_data[] = array(
'key' => __('GnuPG key'),
'key' => __('PGP key'),
'element' => 'genericElements/key',
'element_params' => array('key' => $user['User']['gpgkey']),
);
@ -38,12 +85,12 @@
$table_data[] = array(
'key' => __('GnuPG fingerprint'),
'class_value' => "quickSelect bold " . $user['User']['gpgkey'] ? 'green' : 'bold red',
'html' => $user['User']['fingerprint'] ? chunk_split(h($user['User']['fingerprint']), 4, ' ') : 'N/A'
'value' => $user['User']['fingerprint'] ? chunk_split($user['User']['fingerprint'], 4, ' ') : 'N/A'
);
$table_data[] = array(
'key' => __('GnuPG status'),
'class_value' => "bold" . (empty($user['User']['pgp_status']) || $user['User']['pgp_status'] != 'OK') ? 'red': 'green',
'html' => !empty($user['User']['pgp_status']) ? h($user['User']['pgp_status']) : 'N/A'
'value' => !empty($user['User']['pgp_status']) ? $user['User']['pgp_status'] : 'N/A'
);
}
if (Configure::read('SMIME.enabled')) {
@ -53,18 +100,61 @@
'element_params' => array('key' => $user['User']['certif_public']),
);
}
$table_data[] = array(
'key' => __('News read at'),
'value' => $user['User']['newsread'] ? date('Y-m-d H:i:s', $user['User']['newsread']) : __('N/A')
);
$table_data[] = array(
'key' => __('Disabled'),
'class' => empty($user['User']['disabled']) ? '' : 'background-red',
'boolean' => $user['User']['disabled']
);
echo $this->element('genericElements/assetLoader', array(
'css' => array('vis', 'distribution-graph'),
'js' => array('vis', 'network-distribution-graph')
));
$current_menu = [
'admin_view' => ['menuList' => 'admin', 'menuItem' => 'viewUser'],
'view' => ['menuList' => 'globalActions', 'menuItem' => 'view']
];
echo sprintf(
'<div class="users view"><div class="row-fluid"><div class="span8" style="margin:0px;">%s</div></div>%s</div>%s',
'<div class="users view"><div class="row-fluid"><div class="span8" style="margin:0px;">%s</div></div>%s<div style="margin-top:20px;">%s%s</div></div>%s',
sprintf(
'<h2>%s</h2>%s',
__('User %s', h($user['User']['email'])),
$this->element('genericElements/viewMetaTable', array('table_data' => $table_data))
),
sprintf(
'<a href="%s" class="btn btn-inverse" download>%s</a>',
$baseurl . '/users/view/me.json',
'<br><a href="%s" class="btn btn-inverse" download>%s</a>',
sprintf(
'%s/users/view/%s.json',
$baseurl,
h($user['User']['id'])
),
__('Download user profile for data portability')
),
$this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'globalActions', 'menuItem' => 'view'))
$me['Role']['perm_auth'] ? $this->element('/genericElements/accordion', array('title' => 'Authkeys', 'url' => '/auth_keys/index/' . h($user['User']['id']))) : '',
$this->element('/genericElements/accordion', array('title' => 'Events', 'url' => '/events/index/searchemail:' . urlencode(h($user['User']['email'])))),
$this->element('/genericElements/SideMenu/side_menu', $current_menu[$admin_view ? 'admin_view' : 'view'])
);
?>
<script type="text/javascript">
$(function () {
$.ajax({
url: '<?php echo $baseurl . "/events/index/searchemail:" . urlencode(h($user['User']['email'])); ?>',
type:'GET',
beforeSend: function () {
$(".loading").show();
},
error: function(){
$('#userEvents').html('An error has occurred, please reload the page.');
},
success: function(response){
$('#userEvents').html(response);
},
complete: function() {
$(".loading").hide();
}
});
});
</script>
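Review bot: In the third hunk the GnuPG fingerprint and status rows switch from `'html' => ... h(...)` to `'value' => ...` with no `h()` call, so output escaping of these user-influenced strings now rests entirely on `genericElements/viewMetaTable` treating `value` as text; confirm that element escapes `value` and record it on the row, e.g. `// 'value' is escaped by viewMetaTable; use 'html' only for pre-escaped markup`. Unchanged but adjacent, the `class_value` ternaries on both rows bind `.` before `?:`, so the condition is the concatenated non-empty string and the class collapses to a constant regardless of the key's state; parenthesising the ternary fixes it. In the first hunk the 'Request API access' anchor appears to have lost its `%s` placeholder while `__('Request API access')` is still passed to sprintf, which leaves the link with no visible text — if that is the new side, restore `'<a onclick="requestAPIAccess();" style="cursor:pointer;">%s</a>'`. The inline script at the end rebuilds the same searchemail URL as the Events accordion above it; computing it once into a variable would keep the two from drifting.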