EmbeddedWeb: Explicitly perform authentication

It is nowadays no exception that a stylesheet may depend
on who is using the app. So, to avoid race conditions like
the one in #5385, authentication is now an explicit step during
bootstrap.

fixes #5385
This commit is contained in:
Johannes Meyer 2025-07-08 14:16:42 +02:00
parent dadff36660
commit a28eb4beb8
2 changed files with 46 additions and 55 deletions


@ -5,6 +5,8 @@ namespace Icinga\Application;
require_once dirname(__FILE__) . '/ApplicationBootstrap.php'; require_once dirname(__FILE__) . '/ApplicationBootstrap.php';
use Icinga\Authentication\Auth;
use Icinga\User;
use Icinga\Web\Request; use Icinga\Web\Request;
use Icinga\Web\Response; use Icinga\Web\Response;
use ipl\I18n\NoopTranslator; use ipl\I18n\NoopTranslator;
@ -35,6 +37,13 @@ class EmbeddedWeb extends ApplicationBootstrap
*/ */
protected $response; protected $response;
/**
* User object
*
* @var ?User
*/
protected ?User $user = null;
/** /**
* Get the request * Get the request
* *
@ -65,10 +74,10 @@ class EmbeddedWeb extends ApplicationBootstrap
protected function bootstrap() protected function bootstrap()
{ {
return $this return $this
->setupLogging()
->setupErrorHandling() ->setupErrorHandling()
->loadLibraries() ->loadLibraries()
->loadConfig() ->loadConfig()
->setupLogging()
->setupLogger() ->setupLogger()
->setupRequest() ->setupRequest()
->setupResponse() ->setupResponse()
@ -76,6 +85,8 @@ class EmbeddedWeb extends ApplicationBootstrap
->prepareFakeInternationalization() ->prepareFakeInternationalization()
->setupModuleManager() ->setupModuleManager()
->loadEnabledModules() ->loadEnabledModules()
->setupUserBackendFactory()
->setupUser()
->registerApplicationHooks(); ->registerApplicationHooks();
} }
@ -101,6 +112,27 @@ class EmbeddedWeb extends ApplicationBootstrap
return $this; return $this;
} }
/**
* Create user object
*
* @return $this
*/
protected function setupUser(): static
{
$auth = Auth::getInstance();
if (! $this->request->isXmlHttpRequest() && $this->request->isApiRequest() && ! $auth->isAuthenticated()) {
$auth->authHttp();
}
if ($auth->isAuthenticated()) {
$user = $auth->getUser();
$this->getRequest()->setUser($user);
$this->user = $user;
}
return $this;
}
/** /**
* Prepare fake internationalization * Prepare fake internationalization
* *
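Review bot: The new `setupUser()` in the last hunk is documented only as "Create user object", but its real contract is what the stylesheet path from the description depends on: HTTP authentication is attempted only for non-XHR API requests, and `$this->user` stays `null` whenever `Auth::isAuthenticated()` is still false afterwards. A docblock such as `Authenticate the current request and populate $this->user. Tries HTTP auth for non-XHR API requests only; leaves $this->user null when nobody is authenticated.` would state that. The method also reads the request as both `$this->request` and `$this->getRequest()` within a few lines; one form throughout reads cleaner. Whether `authHttp()` sends a challenge and terminates on failure is not visible here, so the effect of now running this step for every EmbeddedWeb API request should be confirmed against `Auth::authHttp()`.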


@ -16,14 +16,11 @@ use Zend_Layout;
use Zend_Paginator; use Zend_Paginator;
use Zend_View_Helper_PaginationControl; use Zend_View_Helper_PaginationControl;
use Icinga\Authentication\Auth; use Icinga\Authentication\Auth;
use Icinga\User;
use Icinga\Util\DirectoryIterator; use Icinga\Util\DirectoryIterator;
use Icinga\Util\TimezoneDetect; use Icinga\Util\TimezoneDetect;
use Icinga\Web\Controller\Dispatcher; use Icinga\Web\Controller\Dispatcher;
use Icinga\Web\Navigation\Navigation; use Icinga\Web\Navigation\Navigation;
use Icinga\Web\Notification; use Icinga\Web\Notification;
use Icinga\Web\Session;
use Icinga\Web\Session\Session as BaseSession;
use Icinga\Web\StyleSheet; use Icinga\Web\StyleSheet;
use Icinga\Web\View; use Icinga\Web\View;
@ -52,20 +49,6 @@ class Web extends EmbeddedWeb
*/ */
private $frontController; private $frontController;
/**
* Session object
*
* @var BaseSession
*/
private $session;
/**
* User object
*
* @var User
*/
private $user;
/** @var array */ /** @var array */
protected $accessibleMenuItems; protected $accessibleMenuItems;
@ -90,7 +73,6 @@ class Web extends EmbeddedWeb
->loadConfig() ->loadConfig()
->setupLogger() ->setupLogger()
->setupRequest() ->setupRequest()
->setupSession()
->setupNotifications() ->setupNotifications()
->setupResponse() ->setupResponse()
->setupZendMvc() ->setupZendMvc()
@ -313,48 +295,25 @@ class Web extends EmbeddedWeb
return $this; return $this;
} }
/** protected function setupUser(): static
* Create user object
*
* @return $this
*/
private function setupUser()
{ {
$auth = Auth::getInstance(); parent::setupUser();
if (! $this->request->isXmlHttpRequest() && $this->request->isApiRequest() && ! $auth->isAuthenticated()) {
$auth->authHttp();
}
if ($auth->isAuthenticated()) {
$user = $auth->getUser();
$this->getRequest()->setUser($user);
$this->user = $user;
if ($user->can('user/application/stacktraces')) { if ($this->user !== null && $this->user->can('user/application/stacktraces')) {
$displayExceptions = $this->user->getPreferences()->getValue( $displayExceptions = $this->user->getPreferences()->getValue(
'icingaweb', 'icingaweb',
'show_stacktraces' 'show_stacktraces'
);
if ($displayExceptions !== null) {
$this->frontController->setParams(
array(
'displayExceptions' => $displayExceptions
)
); );
if ($displayExceptions !== null) {
$this->frontController->setParams(
array(
'displayExceptions' => $displayExceptions
)
);
}
} }
} }
return $this;
}
/**
* Initialize a session provider
*
* @return $this
*/
private function setupSession()
{
$this->session = Session::create();
return $this; return $this;
} }
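Review bot: The `Web::setupUser()` override in the last hunk replaces a documented method with an undocumented one, although it still adds behaviour on top of the parent (the `displayExceptions` front-controller parameter); a one-line docblock like `/** Authenticate via the parent, then apply the user's show_stacktraces preference to the front controller. */` is worth keeping. Separately, the section drops `setupSession()` from `bootstrap()` together with the private `$session` property; if `Session::create()` only populated that property the removal is harmless, but if it also initialised the session that `Auth::isAuthenticated()` reads, that initialisation now has to happen before `setupUser()` runs — worth confirming. The reindented `setParams()` call keeps the long `array(...)` syntax; `['displayExceptions' => $displayExceptions]` is the idiomatic form given the `?User` and `static` return types the change already uses.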