tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-03 12:04:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/basic-auth-api-only-11151'

Browse Source 
fixes #11151
This commit is contained in:
Alexander A. Klimov 2016-02-15 14:24:29 +01:00
commit 2b2f759ef5
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/Icinga/Authentication/Auth.php
View File

@ -270,7 +270,7 @@ class Auth
} }
/** /**
* Attempt to authenticate a user using HTTP authentication * Attempt to authenticate a user using HTTP authentication on API requests only
* *
* Supports only the Basic HTTP authentication scheme. XHR will be ignored. * Supports only the Basic HTTP authentication scheme. XHR will be ignored.
* *
@ -278,13 +278,11 @@ class Auth
*/ */
protected function authHttp() protected function authHttp()
{ {
if ($this->getRequest()->isXmlHttpRequest()) { $request = $this->getRequest();
if ($request->isXmlHttpRequest() || ! $request->isApiRequest()) {
return false; return false;
} }
if (($header = $this->getRequest()->getHeader('Authorization')) === false) { if (empty($header = $request->getHeader('Authorization'))) {
return false;
}
if (empty($header)) {
$this->challengeHttp(); $this->challengeHttp();
} }
list($scheme) = explode(' ', $header, 2); list($scheme) = explode(' ', $header, 2);

4
library/Icinga/Web/Session/PhpSession.php
View File

@ -213,7 +213,9 @@ class PhpSession extends Session
public function refreshId() public function refreshId()
{ {
$this->open(); $this->open();
session_regenerate_id(); if ($this->exists()) {
session_regenerate_id();
}
session_write_close(); session_write_close();
$this->hasBeenTouched = true; $this->hasBeenTouched = true;
} }