mirror of https://github.com/MISP/MISP
commit
ed22d14d6b
1
AUTHORS
1
AUTHORS
|
@ -12,6 +12,7 @@ Contributions from: (incomplete list, contact us to add your name)
|
|||
Copyright Christophe Vandeplas
|
||||
Copyright Belgian Defence
|
||||
Copyright NATO / NCIRC
|
||||
Copyright Andras Iklody
|
||||
|
||||
This code is licensed under the GNU AFFERO GENERAL PUBLIC LICENSE version 3.
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":62}
|
||||
{"major":2, "minor":3, "hotfix":63}
|
||||
|
|
|
@ -87,10 +87,16 @@ class AppController extends Controller {
|
|||
// disable CSRF for REST access
|
||||
if (array_key_exists('Security', $this->components))
|
||||
$this->Security->csrfCheck = false;
|
||||
|
||||
// Authenticate user with authkey in Authorization HTTP header
|
||||
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||
$user = $this->checkAuthUser($_SERVER['HTTP_AUTHORIZATION']);
|
||||
$authentication = explode(',', $_SERVER['HTTP_AUTHORIZATION']);
|
||||
$user = false;
|
||||
foreach ($authentication as $auth_key) {
|
||||
if (preg_match('/^[a-zA-Z0-9]{40}$/', trim($auth_key))) {
|
||||
$user = $this->checkAuthUser(trim($auth_key));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if ($user) {
|
||||
// User found in the db, add the user info to the session
|
||||
$this->Session->renew();
|
||||
|
|
Loading…
Reference in New Issue