First implementation of the new auth mechanism

pull/1050/head
Iglocska 2016-03-15 23:04:20 +01:00
parent 8335c56fff
commit afaa537b82
11 changed files with 380 additions and 87 deletions


@ -98,85 +98,90 @@ class AppController extends Controller {
if(preg_match('/(?i)msie [2-8]/',$_SERVER['HTTP_USER_AGENT']) && !strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) throw new MethodNotAllowedException('You are using an unsecure and outdated version of IE, please download Google Chrome, Mozilla Firefox or update to a newer version of IE. If you are running IE9 or newer and still receive this error message, please make sure that you are not running your browser in compatibility mode. If you still have issues accessing the site, get in touch with your administration team at ' . Configure::read('MISP.contact'));
}
// REST authentication
if ($this->_isRest() || $this->_isAutomation()) {
// disable CSRF for REST access
if (array_key_exists('Security', $this->components))
$this->Security->csrfCheck = false;
// Authenticate user with authkey in Authorization HTTP header
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
$found_misp_auth_key = false;
$authentication = explode(',', $_SERVER['HTTP_AUTHORIZATION']);
$user = false;
foreach ($authentication as $auth_key) {
if (preg_match('/^[a-zA-Z0-9]{40}$/', trim($auth_key))) {
$found_misp_auth_key = true;
$temp = $this->checkAuthUser(trim($auth_key));
if ($temp) $user['User'] = $this->checkAuthUser(trim($auth_key));
continue;
$userLoggedIn = false;
if (Configure::read('Plugin.CustomAuth_enable')) $userLoggedIn = $this->__customAuthentication($_SERVER);
if (!$userLoggedIn) {
// REST authentication
if ($this->_isRest() || $this->_isAutomation()) {
// disable CSRF for REST access
if (array_key_exists('Security', $this->components))
$this->Security->csrfCheck = false;
// Authenticate user with authkey in Authorization HTTP header
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
$found_misp_auth_key = false;
$authentication = explode(',', $_SERVER['HTTP_AUTHORIZATION']);
$user = false;
foreach ($authentication as $auth_key) {
if (preg_match('/^[a-zA-Z0-9]{40}$/', trim($auth_key))) {
$found_misp_auth_key = true;
$temp = $this->checkAuthUser(trim($auth_key));
if ($temp) $user['User'] = $this->checkAuthUser(trim($auth_key));
continue;
}
}
}
if ($found_misp_auth_key) {
if ($user) {
unset($user['User']['gpgkey']);
// User found in the db, add the user info to the session
if (Configure::read('MISP.log_auth')) {
if ($found_misp_auth_key) {
if ($user) {
unset($user['User']['gpgkey']);
// User found in the db, add the user info to the session
if (Configure::read('MISP.log_auth')) {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$log = array(
'org' => $user['User']['Organisation']['name'],
'model' => 'User',
'model_id' => $user['User']['id'],
'email' => $user['User']['email'],
'action' => 'auth',
'title' => 'Successful authentication using API key',
'change' => 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->here,
);
$this->Log->save($log);
}
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
} else {
// User not authenticated correctly
// reset the session information
$this->Session->destroy();
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$log = array(
'org' => $user['User']['Organisation']['name'],
'org' => 'SYSTEM',
'model' => 'User',
'model_id' => $user['User']['id'],
'email' => $user['User']['email'],
'action' => 'auth',
'title' => 'Successful authentication using API key',
'change' => 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->here,
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'auth_fail',
'title' => 'Failed authentication using API key (' . trim($auth_key) . ')',
'change' => null,
);
$this->Log->save($log);
}
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
} else {
// User not authenticated correctly
// reset the session information
$this->Session->destroy();
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$log = array(
'org' => 'SYSTEM',
'model' => 'User',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'auth_fail',
'title' => 'Failed authentication using API key (' . trim($auth_key) . ')',
'change' => null,
);
$this->Log->save($log);
throw new ForbiddenException('Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.');
throw new ForbiddenException('Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.');
}
unset($user);
}
unset($user);
}
}
if ($this->Auth->user() == null) throw new ForbiddenException('Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.');
} else if(!$this->Session->read(AuthComponent::$sessionKey)) {
// load authentication plugins from Configure::read('Security.auth')
$auth = Configure::read('Security.auth');
if($auth) {
$this->Auth->authenticate = array_merge($auth, $this->Auth->authenticate);
if($this->Auth->startup($this)) {
$user = $this->Auth->user();
if ($user) {
unset($user['gpgkey']);
// User found in the db, add the user info to the session
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user);
if ($this->Auth->user() == null) throw new ForbiddenException('Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.');
} else if(!$this->Session->read(AuthComponent::$sessionKey)) {
//throw new Exception();
// load authentication plugins from Configure::read('Security.auth')
$auth = Configure::read('Security.auth');
if($auth) {
$this->Auth->authenticate = array_merge($auth, $this->Auth->authenticate);
if($this->Auth->startup($this)) {
$user = $this->Auth->user();
if ($user) {
unset($user['gpgkey']);
// User found in the db, add the user info to the session
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user);
}
unset($user);
}
unset($user);
}
unset($auth);
}
unset($auth);
}
// user must accept terms
//
//grab the base path from our base url for use in the following checks
@ -383,12 +388,19 @@ class AppController extends Controller {
*/
public function checkAuthUser($authkey) {
$this->loadModel('User');
$this->User->recursive = -1;
$user = $this->User->getAuthUserByUuid($authkey);
if (empty($user)) return false;
if ($user['Role']['perm_site_admin']) $user['siteadmin'] = true;
return $user;
}
public function checkExternalAuthUser($authkey) {
$this->loadModel('User');
$user = $this->User->getAuthUserByExternalAuth($authkey);
if (empty($user)) return false;
if ($user['Role']['perm_site_admin']) $user['siteadmin'] = true;
return $user;
}
public function generateCount() {
if (!self::_isSiteAdmin() || !$this->request->is('post')) throw new NotFoundException();
@ -512,4 +524,57 @@ class AppController extends Controller {
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
}
}
private function __customAuthentication(&$server) {
$result = true;
if (Configure::read('Plugin.CustomAuth_enable')) {
$result = false;
if (!Configure::read('Plugin.CustomAuth_only_allow_source') || Configure::read('Plugin.CustomAuth_only_allow_source') === $server['REMOTE_ADDR']) {
$header = Configure::read('Plugin.CustomAuth_header') ? Configure::read('Plugin.CustomAuth_header') : 'Authorization';
$header = strtoupper($header);
$authName = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
if (isset($server['HTTP_' . $header]) && !empty($server['HTTP_' . $header])) {
$temp = $this->checkExternalAuthUser($server['HTTP_' . $header]);
$user['User'] = $temp;
if ($user['User']) {
unset($user['User']['gpgkey']);
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
if (Configure::read('MISP.log_auth')) {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$log = array(
'org' => $user['User']['Organisation']['name'],
'model' => 'User',
'model_id' => $user['User']['id'],
'email' => $user['User']['email'],
'action' => 'auth',
'title' => 'Successful authentication using ' . $authName . ' key',
'change' => 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->here,
);
$this->Log->save($log);
}
} else {
// User not authenticated correctly
// reset the session information
$this->Session->destroy();
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$log = array(
'org' => 'SYSTEM',
'model' => 'User',
'model_id' => 0,
'email' => 'SYSTEM',
'action' => 'auth_fail',
'title' => 'Failed authentication using external key (' . trim($server['HTTP_' . $header]) . ')',
'change' => null,
);
$this->Log->save($log);
throw new ForbiddenException('Authentication failed. Please make sure you pass the ' . $authName . ' key of a(n) ' . $authName . ' enabled user along in the ' . $header . ' header.');
}
}
}
}
return $result;
}
}
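Review bot: The failure branch of `__customAuthentication()` writes the submitted header value verbatim into the log title (`'Failed authentication using external key (' . trim($server['HTTP_' . $header]) . ')'`), so a mistyped or not-yet-enabled key becomes readable by anyone who can view the logs, and client-supplied text lands unfiltered in a log field. Recording the failure without the value is enough: `'title' => 'Failed authentication using ' . $authName . ' key',`. Separately, `$result` is set to `false` once the plugin is enabled and is never set back on the success path, so the caller's `$userLoggedIn` stays false after a successful header login; `$result = true;` after the `Session->write()` call would make the return value mean what the caller assumes. With the header defaulting to `Authorization`, a request carrying an ordinary API key would also seem to reach this failure branch and be rejected before the authkey check runs, which is worth confirming.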


@ -62,6 +62,7 @@ class UsersController extends AppController {
* @throws NotFoundException
*/
public function edit($id = null) {
if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) throw new MethodNotAllowedException('User self-management has been disabled on this instance.');
$me = false;
if ("me" == $id) {
$id = $this->Auth->user('id');
@ -477,6 +478,7 @@ class UsersController extends AppController {
// TODO Audit, __extralog, fields get orig
$fieldsOldValues = array();
foreach ($fields as $field) {
if ($field == 'enable_password') continue;
if($field != 'confirm_password') array_push($fieldsOldValues, $this->User->field($field));
else array_push($fieldsOldValues, $this->User->field('password'));
}
@ -707,6 +709,7 @@ class UsersController extends AppController {
}
public function resetauthkey($id = null) {
if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) throw new MethodNotAllowedException('User self-management has been disabled on this instance.');
if (!$id) {
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
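Review bot: The same guard line is pasted into `edit()` and `resetauthkey()`, and it throws `MethodNotAllowedException`, which reports a 405 about the HTTP verb rather than a permission problem. A small private helper on the controller that throws `ForbiddenException` (the type AppController uses for authentication failures on this page) would keep the two actions in step and make the check harder to miss in any other self-service action; whether other such actions exist is not visible here. Both method bodies continue outside their hunks.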


@ -144,11 +144,15 @@ class AppModel extends Model {
case 'addIPLogging':
$sql = 'ALTER TABLE `logs` ADD `ip` varchar(45) COLLATE utf8_bin DEFAULT NULL;';
break;
case 'addCustomAuth':
$sqlArray[] = "ALTER TABLE `users` ADD `external_auth_required` tinyint(1) NOT NULL DEFAULT '0';";
$sqlArray[] = 'ALTER TABLE `users` ADD `external_auth_key` text COLLATE utf8_bin;';
break;
case '24betaupdates':
$sqlArray = array();
$sqlArray[] = 'ALTER TABLE `shadow_attributes` ADD `proposal_to_delete` BOOLEAN NOT NULL';
$sqlArray[] = "ALTER TABLE `shadow_attributes` ADD `proposal_to_delete` tinyint(1) NOT NULL DEFAULT '0';";
$sqlArray[] = 'ALTER TABLE `logs` MODIFY `change` text COLLATE utf8_bin NOT NULL';
$sqlArray[] = 'ALTER TABLE `logs` MODIFY `change` text COLLATE utf8_bin NOT NULL;';
$sqlArray[] = "CREATE TABLE IF NOT EXISTS `taxonomies` (
`id` int(11) NOT NULL AUTO_INCREMENT,
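Review bot: `external_auth_key` is added as an unindexed `text` column with no uniqueness constraint, while the lookup added to the User model on this page uses `find('first')` on that column, so two accounts given the same key would resolve to whichever row comes back first. A bounded column with a unique index closes that, for example `"ALTER TABLE users ADD external_auth_key varchar(255) COLLATE utf8_bin DEFAULT NULL, ADD UNIQUE (external_auth_key);"` (the length is a placeholder to adjust), or a uniqueness validation rule on the model. The new case also appends to `$sqlArray` without the `$sqlArray = array();` that the `24betaupdates` case below starts with; whether the array is initialised earlier in the function is outside the hunk.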


@ -538,6 +538,16 @@ class Server extends AppModel {
'type' => 'boolean',
'null' => true
),
'disableUserSelfManagement' => array(
'level' => 1,
'description' => 'When enabled only Org and Site admins can edit a user\'s profile.',
'value' => false,
'errorMessage' => '',
'test' => 'testBool',
'type' => 'boolean',
'null' => false,
),
),
'GnuPG' => array(
'branch' => 1,
@ -760,7 +770,7 @@ class Server extends AppModel {
'description' => 'The e-mail address specified in the SOA portion of the zone file.',
'value' => 'root.localhost',
'errorMessage' => '',
'test' => 'testBool',
'test' => 'testForEmpty',
'type' => 'string',
),
'ZeroMQ_enable' => array(
@ -826,7 +836,52 @@ class Server extends AppModel {
'type' => 'string',
'afterHook' => 'zmqAfterHook',
),
'CustomAuth_enable' => array(
'level' => 2,
'description' => 'Enable this functionality if you would like to handle the authentication via an external tool and authenticate with MISP using a custom header.',
'value' => false,
'errorMessage' => '',
'test' => 'testBool',
'type' => 'boolean',
'null' => true,
'beforeHook' => 'customAuthBeforeHook'
),
'CustomAuth_header' => array(
'level' => 2,
'description' => 'Set the header that MISP should look for here. If left empty it will default to the Authorization header.',
'value' => 'Authorization',
'errorMessage' => '',
'test' => 'testForEmpty',
'type' => 'string',
'null' => true
),
'CustomAuth_required' => array(
'level' => 2,
'description' => 'If this setting is enabled then the only way to authenticate will be using the custom header. Altnertatively you can run in mixed mode that will log users in via the header if found, otherwise users will be redirected to the normal login page.',
'value' => false,
'errorMessage' => '',
'test' => 'testBool',
'type' => 'boolean',
'null' => true
),
'CustomAuth_only_allow_source' => array(
'level' => 2,
'description' => 'If you are using an external tool to authenticate with MISP and would like to only allow the tool\'s url as a valid point of entry then set this field. ',
'value' => '',
'errorMessage' => '',
'test' => 'testForEmpty',
'type' => 'string',
'null' => true
),
'CustomAuth_name' => array(
'level' => 2,
'description' => 'The name of the authentication method, this is cosmetic only and will be shown on the user creation page and logs.',
'value' => 'External authentication',
'errorMessage' => '',
'test' => '',
'type' => 'string',
'null' => true
)
),
'debug' => array(
'level' => 0,
@ -1697,6 +1752,12 @@ class Server extends AppModel {
return true;
}
public function customAuthBeforeHook($setting, $value) {
if ($value) $this->updateDatabase('addCustomAuth');
$this->cleanCacheFiles();
return true;
}
// never come here directly, always go through a secondary check like testForTermsFile in order to also pass along the expected file path
private function __testForFile($value, $path) {
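Review bot: The description of `CustomAuth_only_allow_source` asks for the tool's url, but `__customAuthentication()` in AppController compares the setting strictly against `$server['REMOTE_ADDR']`, so only an IP address can ever match and a URL silently turns header login off. The text should say so, and also that an empty value accepts the header from any client: `'description' => 'IP address of the external authentication tool. If set, the custom header is only accepted from this address; if left empty it is accepted from any source.',`. `customAuthBeforeHook()` also calls `updateDatabase('addCustomAuth')` on every truthy save, and the two `ALTER TABLE ... ADD` statements behind it look like they would fail on a second run unless `updateDatabase()` tolerates that, which is not visible here.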


@ -237,6 +237,36 @@ class User extends AppModel {
'Trim',
'Containable'
);
private function __generatePassword() {
$groups = array(
'0123456789',
'abcdefghijklmnopqrstuvwxyz',
'ABCDEFGHIJKLOMNOPQRSTUVWXYZ',
'!@#$%^&*()_-'
);
$passwordLength = Configure::read('Security.password_policy_length') ? Configure::read('Security.password_policy_length') : 12;
$pw = '';
for ($i = 0; $i < $passwordLength; $i++) {
$chars = implode('', $groups);
$pw .= $chars[mt_rand(0, strlen($chars)-1)];
}
foreach ($groups as &$group) {
$pw .= $group[mt_rand(0, strlen($group)-1)];
}
return $pw;
}
public function beforeValidate($options = array()) {
if (!isset($this->data['User']['id'])) {
if (!$this->data['User']['enable_password'] || (empty($this->data['User']['password']) && empty($this->data['User']['confirm_password']))) {
$this->data['User']['password'] = $this->__generatePassword();
$this->data['User']['confirm_password'] = $this->data['User']['password'];
}
}
if (!isset($this->data['User']['nids_sid']) || empty($this->data['User']['nids_sid'])) $this->data['User']['nids_sid'] = mt_rand(1000000, 9999999);
return true;
}
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
@ -457,6 +487,18 @@ class User extends AppModel {
return $user['User'];
}
public function getAuthUserByExternalAuth($id) {
$conditions = array('User.external_auth_key' => $id, 'User.external_auth_required' => true);
$user = $this->find('first', array('conditions' => $conditions, 'recursive' => -1,'contain' => array('Organisation', 'Role', 'Server')));
if (empty($user)) return $user;
// Rearrange it a bit to match the Auth object created during the login
$user['User']['Role'] = $user['Role'];
$user['User']['Organisation'] = $user['Organisation'];
$user['User']['Server'] = $user['Server'];
unset($user['Organisation'], $user['Role'], $user['Server']);
return $user['User'];
}
// Fetch all users that have access to an event / discussion for e-mailing (or maybe something else in the future.
// parameters are an array of org IDs that are owners (for an event this would be orgc and org)
public function getUsersWithAccess($owners = array(), $distribution, $sharing_group_id = 0, $userConditions = array()) {
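Review bot: `__generatePassword()` draws every character with `mt_rand()`, a seedable Mersenne Twister that is not suitable for generating credentials. Where the supported PHP version provides it, `$pw .= $chars[random_int(0, strlen($chars) - 1)];` (and the same for `$group`) is the direct replacement; on older versions the index should be derived from `openssl_random_pseudo_bytes()` instead. The uppercase group is spelled `'ABCDEFGHIJKLOMNOPQRSTUVWXYZ'`, with `O` appearing twice, and the four guaranteed-class characters are always appended in the same order at the end, so the tail of every generated password has a known structure. `implode('', $groups)` can also move out of the loop.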


@ -125,7 +125,7 @@
break;
case 'globalActions':
if ($menuItem === 'edit' || $menuItem === 'view'): ?>
if (((Configure::read('MISP.disableUserSelfManagement') && $isAdmin) || !Configure::read('MISP.disableUserSelfManagement')) && ($menuItem === 'edit' || $menuItem === 'view')): ?>
<li id='liedit'><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
<li class="divider"></li>
<?php endif; ?>
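Review bot: The new condition has the shape `((A && $isAdmin) || !A)`, which reduces to `!A || $isAdmin`, the form the user view template on this page already uses. Writing it as `if ((!Configure::read('MISP.disableUserSelfManagement') || $isAdmin) && ($menuItem === 'edit' || $menuItem === 'view')): ?>` reads the setting once and keeps the two templates consistent.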


@ -4,8 +4,43 @@
<legend><?php echo __('Admin Add User'); ?></legend>
<?php
echo $this->Form->input('email');
echo $this->Form->input('password');
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
?>
<div class="clear"></div>
<?php
$password = true;
if (Configure::read('Plugin.CustomAuth_enable')):
if (Configure::read('Plugin.CustomAuth_required')):
$password = false;
else:
$userType = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => $userType . ' user'));
endif;
?>
<div class="clear"></div>
<div id="externalAuthDiv">
<?php
echo $this->Form->input('external_auth_key', array('type' => 'text'));
?>
</div>
<?php
endif;
?>
<div class="clear"></div>
<div id="passwordDivDiv">
<?php
echo $this->Form->input('enable_password', array('type' => 'checkbox', 'label' => 'Set password'));
?>
<div id="PasswordDiv">
<div class="clear"></div>
<?php
echo $this->Form->input('password');
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
?>
</div>
</div>
<div class="clear"></div>
<?php
if ($isSiteAdmin) {
echo $this->Form->input('org_id', array(
'options' => $orgs,
@ -13,8 +48,8 @@
'empty' => 'Choose organisation',
));
}
echo $this->Form->input('role_id', array('label' => 'Role', 'div' => 'input clear'));
echo $this->Form->input('authkey', array('value' => $authkey, 'readonly' => 'readonly'));
echo $this->Form->input('role_id', array('label' => 'Role'));
echo $this->Form->input('authkey', array('value' => $authkey, 'readonly' => 'readonly', 'div' => 'input clear'));
echo $this->Form->input('nids_sid');
?>
<div id = "syncServers" class="hidden">
@ -49,5 +84,13 @@ $(document).ready(function() {
$('#UserRoleId').change(function() {
syncUserSelected();
});
checkUserPasswordEnabled();
checkUserExternalAuth();
$('#UserEnablePassword').change(function() {
checkUserPasswordEnabled();
});
$('#UserExternalAuthRequired').change(function() {
checkUserExternalAuth();
});
});
</script>
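Review bot: When `Plugin.CustomAuth_required` is on, this template sets `$password = false;` but never reads it, so the password block is still rendered, and the `external_auth_required` checkbox is not rendered at all. `checkUserExternalAuth()` then finds no checked `#UserExternalAuthRequired` and hides `#externalAuthDiv`, so the key cannot be entered, and `getAuthUserByExternalAuth()` only matches rows with `external_auth_required` set; unless the controller sets that flag in required mode (not visible here), such users could not log in with the header. Either wrap the password `div` in `if ($password):` and emit a hidden `external_auth_required` input with value 1 in required mode, or drop the variable. The admin edit template in the next file section carries the same code and the same issue.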


@ -4,22 +4,52 @@
<legend><?php echo __('Admin Edit User'); ?></legend>
<?php
echo $this->Form->input('email');
echo $this->Form->input('password');
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
?>
<div class="clear"></div>
<?php
$password = true;
if (Configure::read('Plugin.CustomAuth_enable')):
if (Configure::read('Plugin.CustomAuth_required')):
$password = false;
else:
$userType = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => $userType . ' user'));
endif;
?>
<div class="clear"></div>
<div id="externalAuthDiv">
<?php
echo $this->Form->input('external_auth_key', array('type' => 'text'));
?>
</div>
<?php
endif;
?>
<div class="clear"></div>
<div id="passwordDivDiv">
<?php
echo $this->Form->input('enable_password', array('type' => 'checkbox', 'label' => 'Set password'));
?>
<div id="PasswordDiv">
<div class="clear"></div>
<?php
echo $this->Form->input('password');
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
?>
</div>
</div>
<div class="clear"></div>
<?php
if ($isSiteAdmin) {
echo $this->Form->input('org_id', array(
'options' => $orgs,
'label' => 'Organisation',
));
}
echo $this->Form->input('role_id', array('label' => 'Role', 'div' => 'input clear')); // TODO ACL, User edit role_id.
echo $this->Form->input('authkey', array('disabled' => 'disabled', 'label' => 'Authentication key'));
echo $this->Form->input('role_id', array('label' => 'Role')); // TODO ACL, User edit role_id.
echo $this->Form->input('authkey', array('disabled' => 'disabled', 'label' => 'Authentication key', 'div' => 'input clear'));
echo $this->Form->input('nids_sid');
echo $this->Form->input('newsread', array(
'label' => 'News read (date)',
'type' => 'text',
'class' => 'datepicker',
));
?>
<div id = "syncServers" class="hidden">
<?php
@ -59,5 +89,13 @@ $(document).ready(function() {
$('#UserRoleId').change(function() {
syncUserSelected();
});
checkUserPasswordEnabled();
checkUserExternalAuth();
$('#UserEnablePassword').change(function() {
checkUserPasswordEnabled();
});
$('#UserExternalAuthRequired').change(function() {
checkUserExternalAuth();
});
});
</script>


@ -52,6 +52,13 @@
<th><?php echo $this->Paginator->sort('nids_sid');?></th>
<th><?php echo $this->Paginator->sort('termsaccepted');?></th>
<th><?php echo $this->Paginator->sort('current_login', 'Last login');?></th>
<?php
if (Configure::read('Plugin.CustomAuth_enable') && !Configure::read('Plugin.CustomAuth_required')):
?>
<th><?php echo $this->Paginator->sort('external_auth_required', Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication');?></th>
<?php
endif;
?>
<th><?php echo $this->Paginator->sort('disabled');?></th>
<th class="actions"><?php echo __('Actions');?></th>
</tr>
@ -84,6 +91,14 @@
?>&nbsp;</td>
<td class="short" ondblclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';" title="<?php echo !$user['User']['current_login'] ? 'N/A' : h(date("Y-m-d H:i:s",$user['User']['current_login']));?>">
<?php echo !$user['User']['current_login'] ? 'N/A' : h(date("Y-m-d",$user['User']['current_login'])); ?>&nbsp;</td>
<?php
if (Configure::read('Plugin.CustomAuth_enable') && !Configure::read('Plugin.CustomAuth_required')):
?>
<td class="short" ondblclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';" title="">
<?php echo ($user['User']['external_auth_required'] ? 'Yes' : 'No'); ?></td>
<?php
endif;
?>
<td class="short <?php if ($user['User']['disabled']) echo 'red bold';?>" ondblclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo ($user['User']['disabled'] ? 'Yes' : 'No'); ?></td>
<td class="short action-links">


@ -33,8 +33,12 @@
</dd>
<dt><?php echo __('Authkey'); ?></dt>
<dd>
<?php echo h($user['User']['authkey']); ?>
(<?php echo $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id']));?>)
<?php
echo h($user['User']['authkey']);
if (!Configure::read('MISP.disableUserSelfManagement') || $isAdmin) {
echo '(' . $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id'])) . ')';
}
?>
&nbsp;
</dd>
<dt><?php echo __('NIDS Start SID'); ?></dt>


@ -2237,3 +2237,21 @@ function feedDistributionChange() {
if ($('#FeedDistribution').val() == 4) $('#SGContainer').show();
else $('#SGContainer').hide();
}
function checkUserPasswordEnabled() {
if ($('#UserEnablePassword').is(':checked')) {
$('#PasswordDiv').show();
} else {
$('#PasswordDiv').hide();
}
}
function checkUserExternalAuth() {
if ($('#UserExternalAuthRequired').is(':checked')) {
$('#externalAuthDiv').show();
$('#passwordDivDiv').hide();
} else {
$('#externalAuthDiv').hide();
$('#passwordDivDiv').show();
}
}
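Review bot: Both helpers only toggle visibility, so anything already typed into the inputs inside `#PasswordDiv` or `#externalAuthDiv` is presumably still posted after the container is hidden. The password side is decided server-side from `enable_password` in `beforeValidate()`, but an `external_auth_key` typed and then hidden would still reach the save; disabling the inputs together with the container, e.g. `$('#externalAuthDiv :input').prop('disabled', !checked);`, keeps the submitted form in line with what the admin sees. Each function could also shrink to `.toggle(checked)` calls, and a one-line comment naming the user add/edit forms these belong to would help, since they sit next to unrelated helpers such as `feedDistributionChange()`.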