Added logging of auth key changes, fixes #715
- Changing the auth key now creates a log entry that includes the user's ID, e-mail address, and the old and new auth keys. - Also removed the logging of the hashed password for newly created users
pull/727/head
parent
35cd740b6e
commit
da5fac5873
|
@ -1 +1 @@
|
||||||
{"major":2, "minor":3, "hotfix":158}
|
{"major":2, "minor":3, "hotfix":159}
|
||||||
|
|
|
@ -587,11 +587,17 @@ class UsersController extends AppController {
|
||||||
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
|
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
|
||||||
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
||||||
}
|
}
|
||||||
$this->User->read();
|
$user = $this->User->read();
|
||||||
|
$oldKey = $this->User->data['User']['authkey'];
|
||||||
if ('me' == $id ) $id = $this->Auth->user('id');
|
if ('me' == $id ) $id = $this->Auth->user('id');
|
||||||
else if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org') == $this->User->data['User']['org']) && ($this->Auth->user('id') != $id)) throw new MethodNotAllowedException();
|
else if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org') == $this->User->data['User']['org']) && ($this->Auth->user('id') != $id)) throw new MethodNotAllowedException();
|
||||||
$newkey = $this->User->generateAuthKey();
|
$newkey = $this->User->generateAuthKey();
|
||||||
$this->User->saveField('authkey', $newkey);
|
$this->User->saveField('authkey', $newkey);
|
||||||
|
$this->__extralog(
|
||||||
|
'reset_auth_key',
|
||||||
|
'Authentication key for user ' . $user['User']['id'] . ' (' . $user['User']['email'] . ')',
|
||||||
|
$fieldsResult = 'authkey(' . $oldKey . ') => (' . $newkey . ')'
|
||||||
|
);
|
||||||
$this->Session->setFlash(__('New authkey generated.', true));
|
$this->Session->setFlash(__('New authkey generated.', true));
|
||||||
$this->_refreshAuth();
|
$this->_refreshAuth();
|
||||||
$this->redirect($this->referer());
|
$this->redirect($this->referer());
|
||||||
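Review bot: The new `__extralog` call at the end of the hunk writes both the retired key and the freshly issued key into the log in cleartext (`authkey(old) => (new)`), so anyone who can read or export the log table holds a valid API credential for that user — the same exposure this commit removes for passwords in the User model. Log the event and the user, not the secret: `$fieldsResult = 'authkey changed'`, or at most a short fingerprint such as `substr($oldKey, 0, 4) . '...'` if admins need to correlate with clients. The assignment to `$fieldsResult` inside the argument list is also a side effect nobody reads afterwards; pass the string directly. `$oldKey` is captured from `$this->User->data` before the `'me'` id resolution and the admin check, which is only correct if `$this->User->id` was set earlier — the enclosing method begins before this hunk, so that cannot be confirmed here.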
|
|
|
@ -32,7 +32,8 @@ class Log extends AppModel {
|
||||||
'update_database',
|
'update_database',
|
||||||
'version_warning',
|
'version_warning',
|
||||||
'auth',
|
'auth',
|
||||||
'auth_fail'
|
'auth_fail',
|
||||||
|
'reset_auth_key'
|
||||||
)),
|
)),
|
||||||
'message' => 'Options : ...'
|
'message' => 'Options : ...'
|
||||||
)
|
)
|
||||||
|
|
|
@ -218,7 +218,8 @@ class User extends AppModel {
|
||||||
'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable
|
'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable
|
||||||
'userModel' => 'User',
|
'userModel' => 'User',
|
||||||
'userKey' => 'user_id',
|
'userKey' => 'user_id',
|
||||||
'change' => 'full'
|
'change' => 'full',
|
||||||
|
'ignore' => array('password')
|
||||||
),
|
),
|
||||||
'Trim',
|
'Trim',
|
||||||
'Containable'
|
'Containable'
|
||||||
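Review bot: The new `'ignore' => array('password')` leaves `authkey` out of the exclusion list, so if `SysLogLogable` with `'change' => 'full'` records every saved field (its behaviour is defined outside this file, so this is inferred), the `saveField('authkey', ...)` in the controller hunk will still write the raw key into the log, in addition to the dedicated `reset_auth_key` entry this commit adds. The auth key is a bearer credential just like the password hash and deserves the same treatment: `'ignore' => array('password', 'authkey')`. The behaviour array is part of a `$actsAs` declaration that starts before this hunk.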
|
|