mirror of https://github.com/MISP/MISP
chg: [auth] group authentication code
Christophe Vandeplas
parent
b074a4c1d9
commit
827bf50f3c
|
|
@ -152,20 +152,25 @@ class AppController extends Controller
|
|||
}
|
||||
|
||||
$this->User = ClassRegistry::init('User');
|
||||
if ($this->Auth->user()) {
|
||||
if ($this->User->checkForSessionDestruction($this->Auth->user('id'))) {
|
||||
$this->Auth->logout();
|
||||
$this->Session->destroy();
|
||||
$message = __('User deauthenticated on administrator request. Please reauthenticate.');
|
||||
if ($this->_isRest()) {
|
||||
throw new ForbiddenException($message);
|
||||
} else {
|
||||
$this->Flash->warning($message);
|
||||
$this->_redirectToLogin();
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($this->request->params['named']['disable_background_processing'])) {
|
||||
Configure::write('MISP.background_jobs', 0);
|
||||
}
|
||||
|
||||
Configure::write('CurrentController', $controller);
|
||||
Configure::write('CurrentAction', $action);
|
||||
$versionArray = $this->User->checkMISPVersion();
|
||||
$this->mispVersion = implode('.', $versionArray);
|
||||
$this->Security->blackHoleCallback = 'blackHole';
|
||||
|
||||
// send users away that are using ancient versions of IE
|
||||
// Make sure to update this if IE 20 comes out :)
|
||||
if (isset($_SERVER['HTTP_USER_AGENT'])) {
|
||||
if (preg_match('/(?i)msie [2-8]/', $_SERVER['HTTP_USER_AGENT']) && !strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) {
|
||||
throw new MethodNotAllowedException('You are using an unsecure and outdated version of IE, please download Google Chrome, Mozilla Firefox or update to a newer version of IE. If you are running IE9 or newer and still receive this error message, please make sure that you are not running your browser in compatibility mode. If you still have issues accessing the site, get in touch with your administration team at ' . Configure::read('MISP.contact'));
|
||||
}
|
||||
}
|
||||
|
||||
// For fresh installation (salt empty) generate a new salt
|
||||
if (!Configure::read('Security.salt')) {
|
||||
$this->User->Server->serverSettingsSaveValue('Security.salt', $this->User->generateRandomPassword(32));
|
||||
|
|
@ -176,6 +181,10 @@ class AppController extends Controller
|
|||
$this->User->Server->serverSettingsSaveValue('MISP.uuid', CakeText::uuid());
|
||||
}
|
||||
|
||||
/**
|
||||
* Authentication related activities
|
||||
*/
|
||||
|
||||
// Check if Apache provides kerberos authentication data
|
||||
$authUserFields = $this->User->describeAuthFields();
|
||||
$envvar = Configure::read('ApacheSecureAuth.apacheEnv');
|
||||
|
|
@ -191,22 +200,7 @@ class AppController extends Controller
|
|||
} else {
|
||||
$this->Auth->authenticate[AuthComponent::ALL]['userFields'] = $authUserFields;
|
||||
}
|
||||
if (!empty($this->request->params['named']['disable_background_processing'])) {
|
||||
Configure::write('MISP.background_jobs', 0);
|
||||
}
|
||||
Configure::write('CurrentController', $controller);
|
||||
Configure::write('CurrentAction', $action);
|
||||
$versionArray = $this->User->checkMISPVersion();
|
||||
$this->mispVersion = implode('.', $versionArray);
|
||||
$this->Security->blackHoleCallback = 'blackHole';
|
||||
|
||||
// send users away that are using ancient versions of IE
|
||||
// Make sure to update this if IE 20 comes out :)
|
||||
if (isset($_SERVER['HTTP_USER_AGENT'])) {
|
||||
if (preg_match('/(?i)msie [2-8]/', $_SERVER['HTTP_USER_AGENT']) && !strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) {
|
||||
throw new MethodNotAllowedException('You are using an unsecure and outdated version of IE, please download Google Chrome, Mozilla Firefox or update to a newer version of IE. If you are running IE9 or newer and still receive this error message, please make sure that you are not running your browser in compatibility mode. If you still have issues accessing the site, get in touch with your administration team at ' . Configure::read('MISP.contact'));
|
||||
}
|
||||
}
|
||||
|
||||
$userLoggedIn = false;
|
||||
if (Configure::read('Plugin.CustomAuth_enable')) {
|
||||
$userLoggedIn = $this->__customAuthentication($_SERVER);
|
||||
|
|
@ -528,12 +522,24 @@ class AppController extends Controller
|
|||
}
|
||||
$this->Flash->info($message);
|
||||
$this->Auth->logout();
|
||||
throw new MethodNotAllowedException($message);//todo this should pb be removed?
|
||||
$this->_redirectToLogin();
|
||||
return false;
|
||||
} else {
|
||||
$this->Flash->error(__('Warning: MISP is currently disabled for all users. Enable it in Server Settings (Administration -> Server Settings -> MISP tab -> live). An update might also be in progress, you can see the progress in ') , array('params' => array('url' => $this->baseurl . '/servers/updateProgress/', 'urlName' => __('Update Progress')), 'clear' => 1));
|
||||
}
|
||||
}
|
||||
|
||||
// kill existing sessions for a user if the admin/instance decides so
|
||||
// exclude API authentication as it doesn't make sense
|
||||
if (!$this->isApiAuthed && $this->User->checkForSessionDestruction($user['id'])) {
|
||||
$this->Auth->logout();
|
||||
$this->Session->destroy();
|
||||
$message = __('User deauthenticated on administrator request. Please reauthenticate.');
|
||||
$this->Flash->warning($message);
|
||||
$this->_redirectToLogin();
|
||||
return false;
|
||||
}
|
||||
|
||||
// Force logout doesn't make sense for API key authentication
|
||||
if (!$this->isApiAuthed && $user['force_logout']) {
|
||||
$this->User->id = $user['id'];
|
||||
|
|
|
|||
Loading…
Reference in New Issue