From 24c1618793774eec8e6fc09aa056c73a6f26bc21 Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Tue, 10 Aug 2021 10:09:15 +0200
Subject: [PATCH] LoginForm: Also disable stay logged in case of no encryption method
---
 .../forms/Authentication/LoginForm.php | 19 +++++++++++-----
 library/Icinga/Web/RememberMe.php | 22 +++++++++++++++++++
 public/css/icinga/login.less | 5 +++++
 3 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/application/forms/Authentication/LoginForm.php b/application/forms/Authentication/LoginForm.php
index 21a0dc64d..8a71ecf55 100644
--- a/application/forms/Authentication/LoginForm.php
+++ b/application/forms/Authentication/LoginForm.php
@@ -3,8 +3,10 @@
 namespace Icinga\Forms\Authentication;
+use Exception;
 use Icinga\Application\Config;
 use Icinga\Application\Hook\AuthenticationHook;
+use Icinga\Application\Logger;
 use Icinga\Authentication\Auth;
 use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Common\Database;
@@ -90,10 +92,13 @@ class LoginForm extends Form
 ]
 ]
 );
- if (! $this->hasDb()) {
+ if (! RememberMe::isSupported()) {
 $this->getElement('rememberme')
 ->setAttrib('disabled', true)
- ->setAttrib('title', "You can't stay logged in without a database configuration backend");
+ ->setDescription($this->translate(
+ 'Staying logged in requires a database configuration backend'
+ . ' and an appropriate OpenSSL encryption method'
+ ));
 }
 $this->addElement(
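Review bot: The `disabled` attribute set on `rememberme` in this block only constrains a well-behaved browser, and the branch that acts on the checkbox (`$this->getElement('rememberme')->isChecked()` in the `@@ -137,9 +142,13 @@` hunk) does not consult `RememberMe::isSupported()`. Whether the form layer discards a submitted value for a disabled element is not visible here, so the server-side check should be explicit: `if (RememberMe::isSupported() && $this->getElement('rememberme')->isChecked()) {`. That keeps an unsupported setup from reaching `fromCredentials()` at all, instead of relying on the new catch to absorb the failure on every such request. The enclosing method starts and ends outside the hunk.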
@@ -137,9 +142,13 @@ class LoginForm extends Form
 if ($authenticated) {
 $auth->setAuthenticated($user);
 if ($this->getElement('rememberme')->isChecked()) {
- $rememberMe = RememberMe::fromCredentials($user->getUsername(), $password);
- $this->getResponse()->setCookie($rememberMe->getCookie());
- $rememberMe->persist();
+ try {
+ $rememberMe = RememberMe::fromCredentials($user->getUsername(), $password);
+ $this->getResponse()->setCookie($rememberMe->getCookie());
+ $rememberMe->persist();
+ } catch (Exception $e) {
+ Logger::error('Failed to let user "%s" stay logged in: %s', $user->getUsername(), $e);
+ }
 }
 // Call provided AuthenticationHook(s) after successful login
diff --git a/library/Icinga/Web/RememberMe.php b/library/Icinga/Web/RememberMe.php
index b4a1f8337..10023960c 100644
--- a/library/Icinga/Web/RememberMe.php
+++ b/library/Icinga/Web/RememberMe.php
@@ -39,6 +39,28 @@ class RememberMe
 /** @var int Timestamp when the remember me cookie expires */
 protected $expiresAt;
+ /**
+ * Get whether staying logged in is possible
+ *
+ * @return bool
+ */
+ public static function isSupported()
+ {
+ $self = new self();
+
+ if (! $self->hasDb()) {
+ return false;
+ }
+
+ try {
+ (new AesCrypt())->getMethod();
+ } catch (RuntimeException $_) {
+ return false;
+ }
+
+ return true;
+ }
+
 /**
 * Get whether the remember cookie is set
 *
diff --git a/public/css/icinga/login.less b/public/css/icinga/login.less
index f721d3742..9ed4c7bbf 100644
--- a/public/css/icinga/login.less
+++ b/public/css/icinga/login.less
@@ -113,6 +113,11 @@
 .toggle-switch {
 margin-right: 1em;
 }
+
+ .control-info {
+ line-height: 1.5;
+ margin-left: .5em;
+ }
 }
 }
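Review bot: In the new `try` block the cookie is queued with `setCookie()` before `persist()` has succeeded, so when `persist()` throws, the catch logs the error but the response may still carry a remember-me cookie derived from the user's password with no stored counterpart. Calling `$rememberMe->persist();` first and `$this->getResponse()->setCookie($rememberMe->getCookie());` second avoids handing out that cookie when nothing was saved. The log call also passes the whole exception `$e`; how `Logger::error` renders it is not visible here, and if the rendering includes a trace with call arguments, the `$password` argument of `fromCredentials()` could reach the log, so confirm the rendering is argument-free or log `$e->getMessage()`. The enclosing method continues outside the hunk.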
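Review bot: `isSupported()` in library/Icinga/Web/RememberMe.php catches `RuntimeException` and instantiates `AesCrypt`, but this hunk adds no `use` lines and the file's import block is outside the diff. In a namespaced PHP file an unimported `RuntimeException` in a `catch` resolves relative to the namespace and silently never matches, so the exception would escape into the login form render; confirm that `use RuntimeException;` and the `AesCrypt` import already exist. The method also returns `false` without recording which of the two conditions failed, which leaves an administrator guessing why the option is disabled. A docblock sentence such as `Requires a database configuration backend and a usable OpenSSL encryption method` plus a low-severity log entry in the catch would make that diagnosable.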