LoginForm: Also disable stay logged in case of no encryption method

2021-08-10 10:09:15 +02:00 · 2021-08-10 10:09:15 +02:00 · 24c1618793
parent a00166f15b
commit 24c1618793
3 changed files with 41 additions and 5 deletions
--- a/application/forms/Authentication/LoginForm.php
+++ b/application/forms/Authentication/LoginForm.php
@ -3,8 +3,10 @@

 namespace Icinga\Forms\Authentication;

+use Exception;
 use Icinga\Application\Config;
 use Icinga\Application\Hook\AuthenticationHook;
+use Icinga\Application\Logger;
 use Icinga\Authentication\Auth;
 use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Common\Database;
@ -90,10 +92,13 @@ class LoginForm extends Form
                ]
            ]
        );
-        if (! $this->hasDb()) {
+        if (! RememberMe::isSupported()) {
            $this->getElement('rememberme')
                ->setAttrib('disabled', true)
-                ->setAttrib('title', "You can't stay logged in without a database configuration backend");
+                ->setDescription($this->translate(
+                    'Staying logged in requires a database configuration backend'
+                    . ' and an appropriate OpenSSL encryption method'
+                ));
        }

        $this->addElement(
@ -137,9 +142,13 @@ class LoginForm extends Form
        if ($authenticated) {
            $auth->setAuthenticated($user);
            if ($this->getElement('rememberme')->isChecked()) {
-                $rememberMe = RememberMe::fromCredentials($user->getUsername(), $password);
-                $this->getResponse()->setCookie($rememberMe->getCookie());
-                $rememberMe->persist();
+                try {
+                    $rememberMe = RememberMe::fromCredentials($user->getUsername(), $password);
+                    $this->getResponse()->setCookie($rememberMe->getCookie());
+                    $rememberMe->persist();
+                } catch (Exception $e) {
+                    Logger::error('Failed to let user "%s" stay logged in: %s', $user->getUsername(), $e);
+                }
            }

            // Call provided AuthenticationHook(s) after successful login
--- a/library/Icinga/Web/RememberMe.php
+++ b/library/Icinga/Web/RememberMe.php
@ -39,6 +39,28 @@ class RememberMe
    /** @var int Timestamp when the remember me cookie expires */
    protected $expiresAt;

+    /**
+     * Get whether staying logged in is possible
+     *
+     * @return bool
+     */
+    public static function isSupported()
+    {
+        $self = new self();
+
+        if (! $self->hasDb()) {
+            return false;
+        }
+
+        try {
+            (new AesCrypt())->getMethod();
+        } catch (RuntimeException $_) {
+            return false;
+        }
+
+        return true;
+    }
+
    /**
     * Get whether the remember cookie is set
     *
--- a/public/css/icinga/login.less
+++ b/public/css/icinga/login.less
@ -113,6 +113,11 @@
    .toggle-switch {
      margin-right: 1em;
    }
+
+    .control-info {
+      line-height: 1.5;
+      margin-left: .5em;
+    }
  }
 }