tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 07:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

EmbeddedWeb: Explicitly perform authentication

Browse Source 
It is nowadays no exception that stylesheet may be dependent
on who's using the app. So to avoid race conditions like
in #5385 authentication is an explicit step during bootstrap
now.

fixes #5385
This commit is contained in:
Johannes Meyer 2025-07-08 14:16:42 +02:00
parent dadff36660
commit a28eb4beb8
2 changed files with 46 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
library/Icinga/Application/EmbeddedWeb.php
View File

@ -5,6 +5,8 @@ namespace Icinga\Application;
require_once dirname(__FILE__) . '/ApplicationBootstrap.php';
use Icinga\Authentication\Auth;
use Icinga\User;
use Icinga\Web\Request;
use Icinga\Web\Response;
use ipl\I18n\NoopTranslator;
@ -35,6 +37,13 @@ class EmbeddedWeb extends ApplicationBootstrap
*/
protected $response;
/**
* User object
*
* @var ?User
*/
protected ?User $user = null;
/**
* Get the request
*
@ -65,10 +74,10 @@ class EmbeddedWeb extends ApplicationBootstrap
protected function bootstrap()
{
return $this
->setupLogging()
->setupErrorHandling()
->loadLibraries()
->loadConfig()
->setupLogging()
->setupLogger()
->setupRequest()
->setupResponse()
@ -76,6 +85,8 @@ class EmbeddedWeb extends ApplicationBootstrap
->prepareFakeInternationalization()
->setupModuleManager()
->loadEnabledModules()
->setupUserBackendFactory()
->setupUser()
->registerApplicationHooks();
}
@ -101,6 +112,27 @@ class EmbeddedWeb extends ApplicationBootstrap
return $this;
}
/**
* Create user object
*
* @return $this
*/
protected function setupUser(): static
{
$auth = Auth::getInstance();
if (! $this->request->isXmlHttpRequest() && $this->request->isApiRequest() && ! $auth->isAuthenticated()) {
$auth->authHttp();
}
if ($auth->isAuthenticated()) {
$user = $auth->getUser();
$this->getRequest()->setUser($user);
$this->user = $user;
}
return $this;
}
/**
* Prepare fake internationalization
*

47
library/Icinga/Application/Web.php
View File

@ -16,14 +16,11 @@ use Zend_Layout;
use Zend_Paginator;
use Zend_View_Helper_PaginationControl;
use Icinga\Authentication\Auth;
use Icinga\User;
use Icinga\Util\DirectoryIterator;
use Icinga\Util\TimezoneDetect;
use Icinga\Web\Controller\Dispatcher;
use Icinga\Web\Navigation\Navigation;
use Icinga\Web\Notification;
use Icinga\Web\Session;
use Icinga\Web\Session\Session as BaseSession;
use Icinga\Web\StyleSheet;
use Icinga\Web\View;
@ -52,20 +49,6 @@ class Web extends EmbeddedWeb
*/
private $frontController;
/**
* Session object
*
* @var BaseSession
*/
private $session;
/**
* User object
*
* @var User
*/
private $user;
/** @var array */
protected $accessibleMenuItems;
@ -90,7 +73,6 @@ class Web extends EmbeddedWeb
->loadConfig()
->setupLogger()
->setupRequest()
->setupSession()
->setupNotifications()
->setupResponse()
->setupZendMvc()
@ -313,23 +295,11 @@ class Web extends EmbeddedWeb
return $this;
}
/**
* Create user object
*
* @return $this
*/
private function setupUser()
protected function setupUser(): static
{
$auth = Auth::getInstance();
if (! $this->request->isXmlHttpRequest() && $this->request->isApiRequest() && ! $auth->isAuthenticated()) {
$auth->authHttp();
}
if ($auth->isAuthenticated()) {
$user = $auth->getUser();
$this->getRequest()->setUser($user);
$this->user = $user;
parent::setupUser();
if ($user->can('user/application/stacktraces')) {
if ($this->user !== null && $this->user->can('user/application/stacktraces')) {
$displayExceptions = $this->user->getPreferences()->getValue(
'icingaweb',
'show_stacktraces'
@ -343,18 +313,7 @@ class Web extends EmbeddedWeb
);
}
}
}
return $this;
}
/**
* Initialize a session provider
*
* @return $this
*/
private function setupSession()
{
$this->session = Session::create();
return $this;
}