add: migrate authkeys

pull/9215/head
Luciano Righetti 2023-07-27 11:27:54 +02:00
parent 085d1352a3
commit a16c34ce77
6 changed files with 91 additions and 46 deletions


@ -3,9 +3,9 @@
namespace App\Controller;
use App\Controller\AppController;
use Cake\Core\Configure;
use Cake\Http\Exception\MethodNotAllowedException;
use Cake\ORM\Locator\LocatorAwareTrait;
use Cake\Core\Configure;
use Cake\Utility\Hash;
class AuthKeysController extends AppController
@ -30,7 +30,8 @@ class AuthKeysController extends AppController
}
$this->set('canCreateAuthkey', $canCreateAuthkey);
$keyUsageEnabled = Configure::read('MISP.log_user_ips') && Configure::read('MISP.log_user_ips_authkeys');
$this->CRUD->index([
$this->CRUD->index(
[
'filters' => ['Users.email', 'authkey_start', 'authkey_end', 'comment', 'Users.id'],
'quickFilters' => ['comment', 'authkey_start', 'authkey_end', 'Users.email'],
'conditions' => $conditions,
@ -49,17 +50,21 @@ class AuthKeysController extends AppController
}
return $authKeys;
}
]);
]
);
if ($this->ParamHandler->isRest()) {
return $this->restResponsePayload;
}
$this->set('title_for_layout', __('Auth Keys'));
$this->set('advancedEnabled', !empty(Configure::read('Security.advanced_authkeys')));
$this->set('keyUsageEnabled', $keyUsageEnabled);
$this->set('menuData', [
$this->set(
'menuData',
[
'menuList' => $this->isSiteAdmin() ? 'admin' : 'globalActions',
'menuItem' => 'authkeys_index',
]);
]
);
}
public function delete($id)
@ -67,10 +72,13 @@ class AuthKeysController extends AppController
if (!$this->__canEditAuthKey($id)) {
throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to interact with an authkey for the given user.'));
}
$this->CRUD->delete($id, [
$this->CRUD->delete(
$id,
[
'conditions' => $this->__prepareConditions(),
'contain' => ['User'],
]);
'contain' => ['Users'],
]
);
if ($this->ParamHandler->isRest()) {
return $this->restResponsePayload;
}
@ -81,27 +89,39 @@ class AuthKeysController extends AppController
if (!$this->__canEditAuthKey($id)) {
throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to interact with an authkey for the given user.'));
}
$this->CRUD->edit($id, [
$this->CRUD->edit(
$id,
[
'conditions' => $this->__prepareConditions(),
'afterFind' => function (\App\Model\Entity\AuthKey $authKey) {
return $authKey;
},
'fields' => ['comment', 'allowed_ips', 'expiration', 'read_only'],
'contain' => ['Users' => ['fields' => ['id', 'org_id']]]
]);
]
);
if ($this->ParamHandler->isRest()) {
return $this->restResponsePayload;
}
$this->set('dropdownData', [
'user' => $this->Users->find('list', [
$this->set(
'dropdownData',
[
'user' => $this->Users->find(
'list',
[
'sort' => ['username' => 'asc'],
'conditions' => ['id' => $this->entity['user_id']],
])
]);
$this->set('menuData', [
]
)
]
);
$this->set(
'menuData',
[
'menuList' => $this->isSiteAdmin() ? 'admin' : 'globalActions',
'menuItem' => 'authKeyAdd',
]);
]
);
$this->set('edit', true);
$this->set('validity', Configure::read('Security.advanced_authkeys_validity'));
$this->set('title_for_layout', __('Edit auth key'));
@ -144,29 +164,38 @@ class AuthKeysController extends AppController
return $this->restResponsePayload;
}
$dropdownData = [
'user' => $this->AuthKeys->Users->find('list', [
'user' => $this->AuthKeys->Users->find(
'list',
[
'sort' => ['username' => 'asc'],
'conditions' => $selectConditions,
])
]
)
];
$this->set(compact('dropdownData'));
$this->set('title_for_layout', __('Add auth key'));
$this->set('menuData', [
$this->set(
'menuData',
[
'menuList' => $this->isSiteAdmin() ? 'admin' : 'globalActions',
'menuItem' => 'authKeyAdd',
]);
]
);
$this->set('validity', Configure::read('Security.advanced_authkeys_validity'));
}
public function view($id = false)
{
$this->CRUD->view($id, [
$this->CRUD->view(
$id,
[
'contain' => ['Users' => ['fields' => ['id', 'email']]],
'conditions' => $this->__prepareConditions(),
'afterFind' => function (\App\Model\Entity\AuthKey $authKey) {
return $authKey;
}
]);
]
);
if ($this->ParamHandler->isRest()) {
return $this->restResponsePayload;
}
@ -179,10 +208,13 @@ class AuthKeysController extends AppController
}
$this->set('title_for_layout', __('Auth key'));
$this->set('menuData', [
$this->set(
'menuData',
[
'menuList' => $this->isSiteAdmin() ? 'admin' : 'globalActions',
'menuItem' => 'authKeyView',
]);
]
);
}
public function pin($id, $ip)
@ -241,7 +273,9 @@ class AuthKeysController extends AppController
return true; // site admin is OK for all
} else {
// org admin only for non-admin users and themselves
$user = $this->AuthKey->User->find('first', [
$user = $this->AuthKey->User->find(
'first',
[
'recursive' => -1,
'conditions' => [
'User.id' => $user_id,
@ -255,7 +289,8 @@ class AuthKeysController extends AppController
]
]
]
]);
]
);
if (
$user['Role']['perm_site_admin'] ||
($user['Role']['perm_admin'] && $user['User']['id'] !== $loggedUser->id) ||
@ -276,12 +311,15 @@ class AuthKeysController extends AppController
private function __canEditAuthKey($key_id)
{
$user_id = $this->AuthKeys->find('column', [
$user_id = $this->AuthKeys->find(
'column',
[
'fields' => ['user_id'],
'conditions' => [
'id' => $key_id
]
]);
]
);
return $this->__canCreateAuthKeyForUser($user_id);
}
}
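Review bot: The org-admin branch at `$user = $this->AuthKey->User->find(` (hunk `-241,7 +273,9`) is re-indented but not migrated: it still uses the CakePHP 2 model API and result shape (`$this->AuthKey->User`, `'recursive' => -1`, `find('first', ...)`, `$user['Role']['perm_site_admin']`) while every other hunk in this file is on the CakePHP 4 table API (`$this->AuthKeys->find(`, `$this->Users->find('list'`, `LocatorAwareTrait`). If `$this->AuthKey` is not a loaded table on this controller, that permission check errors out instead of evaluating, so org admins would be unable to manage keys for their users; the enclosing method starts and ends outside the hunk, so confirm against the full file. Relatedly, `__canEditAuthKey` (hunk `-276,12 +311,15`) passes the result of `$this->AuthKeys->find('column', ...)` straight to `__canCreateAuthKeyForUser($user_id)` — whether that custom finder yields a scalar id or a `Query` is not visible here, and a `Query` would never equal a user id in the check. The pass-through `'afterFind' => function (\App\Model\Entity\AuthKey $authKey) { return $authKey; }` closures in `edit` and `view` do nothing and should either be dropped or carry a comment such as `// placeholder: decoding of allowed_ips not yet ported` if they are kept as migration stubs.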


@ -26,6 +26,9 @@ class AuthKeysTable extends AppTable
'propertyName' => 'User'
]
);
// $this->addBehavior('JsonFields', [
// 'fields' => ['allowed_ips'],
// ]);
$this->setDisplayField('comment');
}
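Review bot: The `JsonFields` behavior for `allowed_ips` is added as commented-out code with no reason given; either remove it or mark why it is deferred, in the style the index view in this commit already uses, e.g. `// TODO: [3.x-MIGRATION] JsonFields behavior not yet ported; allowed_ips is stored as JSON`. Without table-level decoding, `allowed_ips` presumably reaches the entity as a raw string, which matters because the auth key view in this same commit tests `is_array()` on that field and otherwise prints 'All'; confirm where decoding happens now. The `initialize` method starts outside the hunk.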


@ -3,7 +3,9 @@ echo sprintf('<div%s>', empty($ajax) ? ' class="index"' : '');
if (!$advancedEnabled) {
echo '<div class="alert">' . __('Advanced auth keys are not enabled.') . '</div>';
}
echo $this->element('genericElements/IndexTable/index_table', [
echo $this->element(
'genericElements/IndexTable/index_table',
[
'data' => [
'data' => $data,
'top_bar' => [
@ -84,32 +86,32 @@ echo $this->element('genericElements/IndexTable/index_table', [
'actions' => [
[
'url' => '/auth-keys/view',
'url_params_data_paths' => array(
'url_params_data_paths' => [
'id'
),
],
'icon' => 'eye',
'title' => 'View auth key',
],
[
'url' => '/auth-keys/edit',
'url_params_data_paths' => array(
'url_params_data_paths' => [
'id'
),
],
'icon' => 'edit',
'title' => 'Edit auth key',
'requirement' => $canCreateAuthkey
],
[
'class' => 'modal-open',
'url' => '/authKeys/delete',
'url_params_data_paths' => ['id'],
'open_modal' => '/authKeys/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id',
'icon' => 'trash',
'title' => __('Delete auth key'),
'requirement' => $canCreateAuthkey
]
]
]
]);
]
);
echo '</div>';
// TODO: [3.x-MIGRATION]
// if (empty($ajax)) {


@ -15,7 +15,9 @@ if (isset($keyUsage)) {
$uniqueIps = null;
}
echo $this->element('genericElements/SingleViews/single_view', [
echo $this->element(
'genericElements/SingleViews/single_view',
[
'title' => 'Auth key view',
'data' => $entity,
'fields' => [
@ -46,9 +48,9 @@ echo $this->element('genericElements/SingleViews/single_view', [
[
'key' => __('Allowed IPs'),
'type' => 'custom',
'function' => function (array $data) {
if (is_array($data['allowed_ips'])) {
return implode("<br />", array_map('h', $data['allowed_ips']));
'function' => function (\App\Model\Entity\AuthKey $authKey) {
if (is_array($authKey->allowed_ips)) {
return implode("<br />", array_map('h', $authKey->allowed_ips));
}
return __('All');
}
@ -88,4 +90,5 @@ echo $this->element('genericElements/SingleViews/single_view', [
'type' => 'authkey_pin'
]
],
]);
]
);
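Review bot: The Allowed IPs renderer at `'function' => function (\App\Model\Entity\AuthKey $authKey)` treats any non-array value as unrestricted and prints `__('All')`; if `allowed_ips` arrives as an undecoded JSON string (the `JsonFields` behavior is commented out in `AuthKeysTable` in this same commit), an IP-restricted key would be shown to the admin as open to all addresses. A safer fallback decodes a string value before deciding, e.g. `$ips = is_string($authKey->allowed_ips) ? json_decode($authKey->allowed_ips, true) : $authKey->allowed_ips;` followed by `if (is_array($ips)) { return implode('<br />', array_map('h', $ips)); }` and then the existing `return __('All');`. Whether the entity already decodes the field is not visible here, so verify before relying on the current branch.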


@ -1,8 +1,7 @@
<?php
$authKey = $this->Hash->extract($data, $field['path']);
echo sprintf(
'<span class="authkey">%s</span>%s<span class="authkey">%s</span>',
h($authKey['authkey_start']),
h($data['authkey_start']),
str_repeat('&bull;', 32),
h($authKey['authkey_end'])
h($data['authkey_end'])
);


@ -1,3 +1,3 @@
<?php
$value = $this->Hash->extract($data, $field['path'])[0];
echo $this->Time->time($value);
echo $this->Time->format($value);