tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-08-18 08:18:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,188 Commits 133 Branches 76 Tags
Commit Graph

466 Commits

Author SHA1 Message Date
Johannes Meyer
078fdc84ab Manager: Perform module loading asynchronously 
So that authentication can suspend it. There are cases,
e.g. cube, where authentication is required in run.php.
During bootstrapping loading modules is mostly required
to load libraries, register routes and hooks. Most of the
time authentication is not required for these, but if
it is, evaluation is now interrupted and continued
after authentication has actually been performed.

I don't see a real risk for any breaking change here,
since authentication happens shortly after. It actually
avoids a breaking change, since without this, cube's
Icinga DB support would break or at least malfunction.

And cube is only a single example.

refs #5265
 2025-07-08 16:41:18 +02:00
Johannes Meyer
4ebd1e42e0 Auth: Perform authentication only once and not lazily 
Since authentication is now performed even for static
resources, there's no reason anymore to support implicit
authentication. This also limits authentication attempts
to a single one, previously failed attempts were repeated.

Requiring authentication during bootstrapping, i.e. before
authentication has been performed, will now trigger a
deprecation notice.

refs #5265
 2025-07-08 16:41:18 +02:00
Johannes Meyer
1ddd04df50 DbUserBackend: Fix broken password hash fetch routine 
fixes #5343
 2025-03-26 16:40:48 +01:00
Johannes Meyer
92dad17a2b DbUserGroupBackend: Match memberships case-insensitive on pgsql 2025-03-20 16:24:21 +01:00
Johannes Meyer
13c9a73842 DbUserBackend: Match usernames case-insensitive on pgsql 2025-03-20 16:24:21 +01:00
Sukhwinder Dhillon
c6c1e28350 RolesConfig: Add missing column name for quick search 2025-03-20 14:30:45 +01:00
Johannes Meyer
8551fffd4f roles: Fix default sort rule by name 2024-11-05 09:16:21 +01:00
Sukhwinder Dhillon
e3b89184ae UserGroupBackend: Fix Variable '$backend' is probably undefined 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon
61b827a43c DbUserGroupBackend: Remove unnecessary (! $groupName) check 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon
54b3539896 UserBackend: Fix Variable '$backend' is probably undefined 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon
2626d42c54 LdapUserBackend: Import missing Exception 2023-08-23 10:53:14 +02:00
raviks789
b585ed25df LdapUserGroupBackend: Update PHPDoc for method retrieveUserName() 2023-08-23 10:53:13 +02:00
raviks789
381aee94d1 LdapUserBackend: Import exception QueryException 
Method `LdapUserBackend::requireQueryColumn()` throws exception `QueryException`
 2023-08-23 10:53:13 +02:00
Johannes Meyer
f8e1137060 Remove restriction macro user:local_name 2022-06-14 14:24:30 +02:00
Sukhwinder Dhillon
aad2419545 Remove obsolete config_backend option and not required code 
The user preferences backend is now always a `db`.
 2022-05-27 14:02:11 +02:00
Sukhwinder Dhillon
8ff1a22df7 Set preferences store type to Db and make it non-configurable 2022-05-27 13:55:48 +02:00
Sukhwinder Dhillon
1b1eb3436f sql: Change charset to utf8mb4 
fixes https://github.com/Icinga/icingaweb2/issues/4680
 2022-05-02 15:36:31 +02:00
Alexander Aleksandrovič Klimov
874af33d81 Correct Auth#getUser() type spec 
Doc says it may be null.
 2022-04-11 13:30:24 +02:00
Johannes Meyer
3dc384fb58 Avoid passing null to non-nullable arguments 2022-03-24 12:29:06 +01:00
Johannes Meyer
c038e84fc2 Ensure Return Type Compatibility with Internal Classes 2022-03-24 12:29:06 +01:00
Johannes Meyer
0b6f71c446 If enforcing a charset, DO IT ONLY IF THE DB TYPE IS CORRECT 2021-07-28 09:04:28 +02:00
Johannes Meyer
517c108cc4 UserGroupBackend: Always use utf8 as db connection charset 2021-07-26 16:37:41 +02:00
Johannes Meyer
7ce3778378 UserBackend: Always use utf8 as db connection charset 2021-07-26 16:37:35 +02:00
Eric Lippmann
d1aaaf7fb0 Replace user:local_name with user.local_name macro in restrictions 2021-06-28 15:16:56 +02:00
Johannes Meyer
82485236f7 Auth: Also reload theme mode if no theme is active 
refs #4390
 2021-06-24 09:44:28 +02:00
Sukhwinder Dhillon
492a9ec229 Auth: Reload CSS if mode change 2021-06-23 17:34:27 +02:00
Johannes Meyer
0756797fbb Make configuration of custom user-group backends possible 
refs #2840
 2021-06-18 10:41:39 +02:00
Gianluca Piccolo
1e7f700102 Make configuration of custom user backends possible 
refs Icinga/icingaweb2#2840
 2021-06-18 10:28:35 +02:00
Johannes Meyer
a87f15c861 Auth: Reload entire layout if the locale changes 2021-05-17 13:20:42 +02:00
Johannes Meyer
d9a87f76a2 AdmissionLoader: Optimize role loading 2021-04-14 10:11:19 +02:00
Johannes Meyer
ab90b3e0a1 Role: Add param $cascadeUpwards also to public method grant() 2021-04-07 14:30:14 +02:00
Johannes Meyer
9d10424f97 AdmissionLoader: Set additional user information assigned_roles 2021-04-07 14:30:14 +02:00
Johannes Meyer
f4da973f68 Auth: Only reload CSS upon login if the theme **really** changed 
fixes #2233
 2021-04-07 14:30:14 +02:00
Johannes Meyer
0aa4e25723 Auth: Introduce method setupUser() 
This was previously part of method `setAuthenticated()`.
Split up to allow external usage.
 2021-04-07 14:30:14 +02:00
Johannes Meyer
5dfa5e28da User: Add property $unrestricted 2021-03-09 11:27:13 +01:00
Johannes Meyer
6a5e12af04 LdapUserGroupBackend: Properly handle multi-valued names 2021-02-23 08:22:58 +01:00
sukhwinder33445
ab97b6fdf0
Enforce database as configuration backend (#4135) 2021-02-18 12:31:21 +01:00
Johannes Meyer
cc65164a67 Adjust global permissions 2021-02-18 11:11:39 +01:00
Johannes Meyer
429a70f05f Auth: Allow to ignore any and all restrictions 2021-02-18 11:11:39 +01:00
Johannes Meyer
6eb0139446 User: Move $user:local_name$ handling to class AdmissionLoader 
This way it also adjusts the roles directly, and not just their
copies for the user object
 2021-02-18 11:11:39 +01:00
Johannes Meyer
bdd0f204f0 Auth: Support single inheritance in roles 2021-02-18 11:11:39 +01:00
Johannes Meyer
87d741265e Auth: Add support for denied permissions 2021-02-18 11:11:39 +01:00
Johannes Meyer
c0541d70e9 Move permission match code from class User to Role 2021-02-18 11:11:39 +01:00
Johannes Meyer
4d173e6746 DbUserBackend: Lowercase usernames before fetching password hashes 
The BINARY cast to make trailing spaces significant (#4030) also
made these queries case-sensitive. This wasn't identified at the
time because the query itself wasn't case-insensitive, but the
default collation on the `name` column. (Tests sometimes are the
perfect mitigation for this...)

fixes #4184
 2020-06-24 14:08:30 +02:00
Eric Lippmann
990a5e4d61 Introduce Auth::setUser() 2020-03-02 14:15:53 +01:00
Johannes Meyer
f63dfa5294 DbUserBackend: Use binary string comparison if it's a mysql db 2019-12-11 10:15:05 +01:00
Johannes Meyer
668ae38497 ExternalBackend: Don't authenticate a user if REMOTE_USER is empty 2019-12-05 15:13:02 +01:00
Johannes Meyer
9de9fe8f39 Introduce class RolesConfig 2019-07-23 13:53:29 +02:00
Johannes Meyer
59fa054d42 AuthChain: Send failed login-attempts to the audit log 
resolves #3855
 2019-07-11 14:41:17 +02:00
Thomas Gelf
08c879249b Auth: do not ask for unrelated group membership 
If a specific User-Backend has been assigned to a Group Backend, and
the User has been authenticated by another User-Backend, then there is
no need to ask the unrelated Groups Backend for membership.
 2018-12-18 14:51:13 +01:00