LoginForm: Also disable stay logged in case of no encryption method

Johannes Meyer 2021-08-10 10:09:15 +02:00
parent a00166f15b
commit 24c1618793
3 changed files with 41 additions and 5 deletions


@ -3,8 +3,10 @@
namespace Icinga\Forms\Authentication; namespace Icinga\Forms\Authentication;
use Exception;
use Icinga\Application\Config; use Icinga\Application\Config;
use Icinga\Application\Hook\AuthenticationHook; use Icinga\Application\Hook\AuthenticationHook;
use Icinga\Application\Logger;
use Icinga\Authentication\Auth; use Icinga\Authentication\Auth;
use Icinga\Authentication\User\ExternalBackend; use Icinga\Authentication\User\ExternalBackend;
use Icinga\Common\Database; use Icinga\Common\Database;
@ -90,10 +92,13 @@ class LoginForm extends Form
] ]
] ]
); );
if (! $this->hasDb()) { if (! RememberMe::isSupported()) {
$this->getElement('rememberme') $this->getElement('rememberme')
->setAttrib('disabled', true) ->setAttrib('disabled', true)
->setAttrib('title', "You can't stay logged in without a database configuration backend"); ->setDescription($this->translate(
'Staying logged in requires a database configuration backend'
. ' and an appropriate OpenSSL encryption method'
));
} }
$this->addElement( $this->addElement(
@ -137,9 +142,13 @@ class LoginForm extends Form
if ($authenticated) { if ($authenticated) {
$auth->setAuthenticated($user); $auth->setAuthenticated($user);
if ($this->getElement('rememberme')->isChecked()) { if ($this->getElement('rememberme')->isChecked()) {
try {
$rememberMe = RememberMe::fromCredentials($user->getUsername(), $password); $rememberMe = RememberMe::fromCredentials($user->getUsername(), $password);
$this->getResponse()->setCookie($rememberMe->getCookie()); $this->getResponse()->setCookie($rememberMe->getCookie());
$rememberMe->persist(); $rememberMe->persist();
} catch (Exception $e) {
Logger::error('Failed to let user "%s" stay logged in: %s', $user->getUsername(), $e);
}
} }
// Call provided AuthenticationHook(s) after successful login // Call provided AuthenticationHook(s) after successful login
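Review bot: In the new try block the cookie is handed to the response before `$rememberMe->persist()` runs, so if persisting throws, the catch only logs and the browser still receives a remember-me cookie with no stored counterpart. Calling `$rememberMe->persist();` first and `$this->getResponse()->setCookie($rememberMe->getCookie());` after it keeps the two in step. The `isChecked()` branch also still relies on the submitted value; the `disabled` attribute set in the earlier hunk is presumably only a client-side hint, so `if (RememberMe::isSupported() && $this->getElement('rememberme')->isChecked()) {` would keep an unsupported setup from reaching `fromCredentials()` at all. The enclosing method starts and ends outside the hunk.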


@ -39,6 +39,28 @@ class RememberMe
/** @var int Timestamp when the remember me cookie expires */ /** @var int Timestamp when the remember me cookie expires */
protected $expiresAt; protected $expiresAt;
/**
* Get whether staying logged in is possible
*
* @return bool
*/
public static function isSupported()
{
$self = new self();
if (! $self->hasDb()) {
return false;
}
try {
(new AesCrypt())->getMethod();
} catch (RuntimeException $_) {
return false;
}
return true;
}
/** /**
* Get whether the remember cookie is set * Get whether the remember cookie is set
* *
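Review bot: `catch (RuntimeException $_)` in `isSupported()` only matches if the name resolves to the global class. The hunk does not show this file's `use` statements, and inside a namespace an unimported `RuntimeException` resolves to a class in that namespace, so the catch would silently never fire and the exception would reach the login form. If the import is not already present, add `use RuntimeException;` or write `catch (\RuntimeException $e)`. The docblock could also say what "possible" means, e.g. `Get whether staying logged in is possible (database configuration backend and a usable OpenSSL encryption method)`.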


@ -113,6 +113,11 @@
.toggle-switch { .toggle-switch {
margin-right: 1em; margin-right: 1em;
} }
.control-info {
line-height: 1.5;
margin-left: .5em;
}
} }
} }