tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-04-08 17:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,656 Commits 120 Branches 75 Tags
Commit Graph

453 Commits

Author SHA1 Message Date
Johannes Meyer
f8e1137060 Remove restriction macro user:local_name 2022-06-14 14:24:30 +02:00
Sukhwinder Dhillon
aad2419545 Remove obsolete config_backend option and not required code 
The user preferences backend is now always a `db`.
 2022-05-27 14:02:11 +02:00
Sukhwinder Dhillon
8ff1a22df7 Set preferences store type to Db and make it non-configurable 2022-05-27 13:55:48 +02:00
Sukhwinder Dhillon
1b1eb3436f sql: Change charset to utf8mb4 
fixes https://github.com/Icinga/icingaweb2/issues/4680
 2022-05-02 15:36:31 +02:00
Alexander Aleksandrovič Klimov
874af33d81 Correct Auth#getUser() type spec 
Doc says it may be null.
 2022-04-11 13:30:24 +02:00
Johannes Meyer
3dc384fb58 Avoid passing null to non-nullable arguments 2022-03-24 12:29:06 +01:00
Johannes Meyer
c038e84fc2 Ensure Return Type Compatibility with Internal Classes 2022-03-24 12:29:06 +01:00
Johannes Meyer
0b6f71c446 If enforcing a charset, DO IT ONLY IF THE DB TYPE IS CORRECT 2021-07-28 09:04:28 +02:00
Johannes Meyer
517c108cc4 UserGroupBackend: Always use utf8 as db connection charset 2021-07-26 16:37:41 +02:00
Johannes Meyer
7ce3778378 UserBackend: Always use utf8 as db connection charset 2021-07-26 16:37:35 +02:00
Eric Lippmann
d1aaaf7fb0 Replace user:local_name with user.local_name macro in restrictions 2021-06-28 15:16:56 +02:00
Johannes Meyer
82485236f7 Auth: Also reload theme mode if no theme is active 
refs #4390
 2021-06-24 09:44:28 +02:00
Sukhwinder Dhillon
492a9ec229 Auth: Reload CSS if mode change 2021-06-23 17:34:27 +02:00
Johannes Meyer
0756797fbb Make configuration of custom user-group backends possible 
refs #2840
 2021-06-18 10:41:39 +02:00
Gianluca Piccolo
1e7f700102 Make configuration of custom user backends possible 
refs Icinga/icingaweb2#2840
 2021-06-18 10:28:35 +02:00
Johannes Meyer
a87f15c861 Auth: Reload entire layout if the locale changes 2021-05-17 13:20:42 +02:00
Johannes Meyer
d9a87f76a2 AdmissionLoader: Optimize role loading 2021-04-14 10:11:19 +02:00
Johannes Meyer
ab90b3e0a1 Role: Add param $cascadeUpwards also to public method grant() 2021-04-07 14:30:14 +02:00
Johannes Meyer
9d10424f97 AdmissionLoader: Set additional user information assigned_roles 2021-04-07 14:30:14 +02:00
Johannes Meyer
f4da973f68 Auth: Only reload CSS upon login if the theme **really** changed 
fixes #2233
 2021-04-07 14:30:14 +02:00
Johannes Meyer
0aa4e25723 Auth: Introduce method setupUser() 
This was previously part of method `setAuthenticated()`.
Split up to allow external usage.
 2021-04-07 14:30:14 +02:00
Johannes Meyer
5dfa5e28da User: Add property $unrestricted 2021-03-09 11:27:13 +01:00
Johannes Meyer
6a5e12af04 LdapUserGroupBackend: Properly handle multi-valued names 2021-02-23 08:22:58 +01:00
sukhwinder33445
ab97b6fdf0
Enforce database as configuration backend (#4135) 2021-02-18 12:31:21 +01:00
Johannes Meyer
cc65164a67 Adjust global permissions 2021-02-18 11:11:39 +01:00
Johannes Meyer
429a70f05f Auth: Allow to ignore any and all restrictions 2021-02-18 11:11:39 +01:00
Johannes Meyer
6eb0139446 User: Move $user:local_name$ handling to class AdmissionLoader 
This way it also adjusts the roles directly, and not just their
copies for the user object
 2021-02-18 11:11:39 +01:00
Johannes Meyer
bdd0f204f0 Auth: Support single inheritance in roles 2021-02-18 11:11:39 +01:00
Johannes Meyer
87d741265e Auth: Add support for denied permissions 2021-02-18 11:11:39 +01:00
Johannes Meyer
c0541d70e9 Move permission match code from class User to Role 2021-02-18 11:11:39 +01:00
Johannes Meyer
4d173e6746 DbUserBackend: Lowercase usernames before fetching password hashes 
The BINARY cast to make trailing spaces significant (#4030) also
made these queries case-sensitive. This wasn't identified at the
time because the query itself wasn't case-insensitive, but the
default collation on the `name` column. (Tests sometimes are the
perfect mitigation for this...)

fixes #4184
 2020-06-24 14:08:30 +02:00
Eric Lippmann
990a5e4d61 Introduce Auth::setUser() 2020-03-02 14:15:53 +01:00
Johannes Meyer
f63dfa5294 DbUserBackend: Use binary string comparison if it's a mysql db 2019-12-11 10:15:05 +01:00
Johannes Meyer
668ae38497 ExternalBackend: Don't authenticate a user if REMOTE_USER is empty 2019-12-05 15:13:02 +01:00
Johannes Meyer
9de9fe8f39 Introduce class RolesConfig 2019-07-23 13:53:29 +02:00
Johannes Meyer
59fa054d42 AuthChain: Send failed login-attempts to the audit log 
resolves #3855
 2019-07-11 14:41:17 +02:00
Thomas Gelf
08c879249b Auth: do not ask for unrelated group membership 
If a specific User-Backend has been assigned to a Group Backend, and
the User has been authenticated by another User-Backend, then there is
no need to ask the unrelated Groups Backend for membership.
 2018-12-18 14:51:13 +01:00
Johannes Meyer
2f9037e545 Auth: Log which groups were identified for the user being authenticated 2018-10-08 14:02:26 +02:00
Johannes Meyer
3c69a63ce3 LdapUserGroupBackend: Log what the ambiguity check does 2018-10-08 10:34:27 +02:00
Johannes Meyer
f28f7150fc AuditHook: Enforce a named identity and allow to pass a explicit time 2018-07-18 14:45:00 +02:00
Eric Lippmann
d6c4df7a5d Use password_hash and password_verify 2018-07-03 13:08:06 +02:00
Eric Lippmann
faaff42096 Revert "Introduce PasswordHelper for safer passwords" 
This reverts commit f57277aa96ce91a0e6761b04937447b9a2a9a679.

Since we're dropping PHP support for versions lower than 5.6 this class is no longer necessary.
 2018-07-03 13:08:06 +02:00
Johannes Meyer
3f66bd7437 Auth: Log login/logout activities to the audit log 
refs #2563
 2018-06-08 14:21:15 +02:00
Eric Lippmann
4a000d0098 Revert "Merge branch 'bugfix/domain-aware-auth-non-domain-ldap-group-backend-3250'" 
This reverts commit 5cb7deda20c4e69a5461ec646af2fedfb3a151a0, reversing
changes made to 02391e648be2f29b28ddbf7a08ebe6459a0fc6d7.

The change must be reverted because it makes it impossible to load groups
if domain aware auth is not enabled and the authenticated user specifies a domain.

refs #3324
 2018-03-19 13:10:47 +01:00
Alexander A. Klimov
72ec132f25 Correct interfaces to conform to PHP 7.2+ 2018-01-24 11:50:10 +01:00
Alexander A. Klimov
7106de5aa2 DbUserGroupBackend: implement Inspectable 
refs #3233
 2018-01-19 16:31:24 +01:00
Alexander A. Klimov
7227e10824 LdapUserGroupBackend: implement Inspectable 
refs #3233
 2018-01-19 16:31:24 +01:00
lippserd
ddfafb27f6
Merge pull request #3256 from Icinga/bugfix/multi-domain-support-broken-3232 
Make multi-domain authn working w/ upper-case domains in user names
 2018-01-17 11:57:48 +01:00
Alexander A. Klimov
8c7ccce4a7 Make multi-domain authn working w/ upper-case domains in user names 
refs #3232
 2018-01-16 10:36:22 +01:00
Paolo Schiro
c806099e1b Avoid including domain users in a group not belonging to a domain 
Signed-off-by: Alexander A. Klimov <alexander.klimov@icinga.com>

refs #3250
 2018-01-15 11:19:35 +01:00