mirror of https://github.com/MISP/MISP
Parse authorization headers for a valid MISP auth key, fixes #478
- Keeps parsing until a valid auth key is found
pull/484/head
parent
e6ac4b0667
commit
d9f4e996f2
1
AUTHORS
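--- a/AUTHORS
+++ b/AUTHORS
@@ -12,6 +12,7 @@ Contributions from: (incomplete list, contact us to add your name)
 Copyright Christophe Vandeplas
 Copyright Belgian Defence
 Copyright NATO / NCIRC
+Copyright Andras Iklody
 
 This code is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
 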
@ -1 +1 @@
|
||||||
{"major":2, "minor":3, "hotfix":62}
|
{"major":2, "minor":3, "hotfix":63}
|
||||||
|
|
|
@ -87,10 +87,18 @@ class AppController extends Controller {
|
||||||
// disable CSRF for REST access
|
// disable CSRF for REST access
|
||||||
if (array_key_exists('Security', $this->components))
|
if (array_key_exists('Security', $this->components))
|
||||||
$this->Security->csrfCheck = false;
|
$this->Security->csrfCheck = false;
|
||||||
|
|
||||||
// Authenticate user with authkey in Authorization HTTP header
|
// Authenticate user with authkey in Authorization HTTP header
|
||||||
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||||
$user = $this->checkAuthUser($_SERVER['HTTP_AUTHORIZATION']);
|
$authentication = explode(',', $_SERVER['HTTP_AUTHORIZATION']);
|
||||||
|
$user = false;
|
||||||
|
foreach ($authentication as $auth_key) {
|
||||||
|
if (preg_match('/^[a-zA-Z0-9]{40}$/', trim($auth_key))) {
|
||||||
|
$user = $this->checkAuthUser(trim($auth_key));
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
debug($user);
|
||||||
|
throw new Exception();
|
||||||
if ($user) {
|
if ($user) {
|
||||||
// User found in the db, add the user info to the session
|
// User found in the db, add the user info to the session
|
||||||
$this->Session->renew();
|
$this->Session->renew();
|
||||||
|
|
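Review bot: The two lines added after the `foreach` loop, `debug($user);` and `throw new Exception();`, look like leftover debugging and should be removed before this ships. As written, every request that carries an Authorization header throws before the `if ($user)` branch is reached, and `debug()` may print the looked-up user record into the response when debug output is enabled. Inside the loop, `continue;` is the last statement of the body and has no effect, so a later 40-character token that (presumably) fails the lookup overwrites a user found earlier; to match the commit message, replace it with `if ($user) break;`. The enclosing method starts and ends outside the hunk.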