tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-10-31 03:14:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,644 Commits 137 Branches 76 Tags
Commit Graph

453 Commits

Author SHA1 Message Date
Johannes Meyer
eb4672923f Require the OpenSSL module instead of providing an unsafe fallback 
refs #7163
 2014-11-11 10:19:09 +01:00
Johannes Meyer
9d292269b1 Merge branch 'master' into feature/setup-wizard-7163 
Conflicts:
	application/forms/Config/Resource/LdapResourceForm.php
	test/php/application/forms/Config/Authentication/LdapBackendFormTest.php
 2014-11-11 09:44:11 +01:00
Johannes Meyer
2bb7217d04 Do not require the openssl extension 2014-11-10 11:20:02 +01:00
Johannes Meyer
124f64ad89 Merge branch 'master' into bugfix/drop-zend-config-7147 2014-11-07 14:07:15 +01:00
Johannes Meyer
7b99b74ae1 Prefer Icinga\Application\Config instead of Zend_Config 
refs #7147
 2014-11-07 13:53:03 +01:00
Matthias Jentsch
d0706a55ea Chain exceptions in LdapUserBackend instead of printing the message 2014-11-06 16:32:43 +01:00
Johannes Meyer
7569c55796 Fix how password hashes are stored and retrieved in DbUserBackend 2014-11-04 15:52:09 +01:00
Johannes Meyer
170ded6510 Merge branch 'master' into feature/setup-wizard-7163 
Conflicts:
	library/Icinga/Authentication/Backend/LdapUserBackend.php
	library/Icinga/File/Ini/IniWriter.php
 2014-11-04 14:22:53 +01:00
Johannes Meyer
8913bf53c9 Fix salt extraction 2014-11-04 13:03:36 +01:00
Johannes Meyer
99277383b9 Fix retrieving a user's data from the database 2014-11-04 13:03:12 +01:00
Johannes Meyer
cad8f7538e Leave it up to the database to decide what is the current time 2014-11-04 12:42:39 +01:00
Matthias Jentsch
f9fee2df70 Do not interrupt authentication chain on invalid ldap connection infos 
Catch LdapExceptions and throw AuthenticationException to not interrupt authentication chain

fixes #7497
 2014-11-04 12:35:41 +01:00
Eric Lippmann
16352fc10c Move Logger to the Application namespace 
fixes #7148
 2014-10-31 10:27:17 +01:00
Johannes Meyer
4f1e1ddb6f Adjust the DbUserBackend to reflect the new database schema 2014-10-30 15:40:07 +01:00
Johannes Meyer
c1bff9a26e Merge branch 'master' into feature/setup-wizard-7163 2014-10-30 10:38:21 +01:00
Eric Lippmann
f68c591a46 LDAP Auth: Make group loading really optional 
fixes #7432
 2014-10-23 03:50:03 +02:00
Johannes Meyer
8c62c66a4e Make regular expression pattern in autologin backend being fully optional 2014-10-20 15:14:14 +02:00
Eric Lippmann
424cee6b4a Auth: Load user groups using the new user group backends 2014-10-20 13:43:40 +02:00
Eric Lippmann
aa56f3010c lib: Add DbUserGroupBackend 2014-10-20 13:42:33 +02:00
Eric Lippmann
d170cf0c9d lib: Replace Membership with IniUserGroupBackend 2014-10-20 13:42:15 +02:00
Eric Lippmann
d1228deef2 lib: Add UserGroupBackend as base class and factory for user group backends 2014-10-20 13:41:33 +02:00
Eric Lippmann
cee261bf7e Use lowercase username and user groups for loading user permissions and restrictions 2014-10-20 13:36:37 +02:00
Matthias Jentsch
9a9aa84e23 Respect base_dn in LdapUserBackend 2014-10-14 14:37:21 +02:00
Matthias Jentsch
dd21b7b5d1 Make sure that we work only with arrays when handling LDAP groups 2014-10-09 10:14:42 +02:00
Matthias Jentsch
04e83a53c5 Add `base_dn' directive to LDAP backend config 2014-10-09 10:10:09 +02:00
Johannes Meyer
1cbe2451a8 Merge branch 'master' into feature/setup-wizard-7163 
Conflicts:
	application/forms/Config/Resource/StatusdatResourceForm.php
 2014-10-08 16:34:31 +02:00
Johannes Meyer
96ba45d896 Convert password salt to ASCII to avoid encoding issues with PostgreSQL 2014-10-08 15:26:42 +02:00
Johannes Meyer
393191ced1 Add admin creation routine 
refs #7163
 2014-10-08 10:26:12 +02:00
Alexander Fuhr
421263af00 Make LDAP Groups optional 
refs #7343
 2014-10-06 13:35:17 +02:00
Alexander Fuhr
017d4b8c9d Introduce Groups from LDAP to User Object 2014-10-01 16:03:42 +02:00
Eric Lippmann
74bd9b319d restrictions: Include restriction's section name in user restrictions 2014-10-01 14:08:21 +02:00
Eric Lippmann
084691570e permissions: Use a comma-separated list as config instead of the `permission_*' directives 
Permissions are now set using a comma-separated list of permissions using the `permissions' config because
the `users' and `groups' are comma-separated lists too.
 2014-10-01 08:14:03 +02:00
Johannes Meyer
8fcf21a6b8 Make it possible to retrieve a list of available users for authentication 
refs #7163
 2014-09-29 11:21:40 +02:00
Johannes Meyer
c00dbf9f46 Write session on response 
There should not be any necessity to write the session once changes are
being made to it. We now track whether changes were made and write
the session when responding to the user's request if so.
 2014-09-24 10:46:35 +02:00
Eric Lippmann
f1d3b72f05 autologin: Fix externally-authenticated users still being authenticated after external authentication is disabled 
The if condition for revoking authentication if the username changed relied on having the `$_SERVER' variable set which was used for authentication.
Authentication is now revoked if the username changed or external authentication is no longer in effect.

refs #6462
 2014-09-18 15:20:46 +02:00
Eric Lippmann
794910256a Use User::can()' in hasPermission()' of the authentication manager 2014-09-18 14:57:24 +02:00
Alexander Klimov
45638b218c Throw IcingaException rather than Exception 
fixes #7014
 2014-08-27 16:03:15 +02:00
Alexander Klimov
9c5878cbbe ConfigurationError: extend IcingaException 
refs #6931
 2014-08-22 11:46:11 +02:00
Alexander Klimov
b764993091 AuthenticationException: extend IcingaException 
refs #6931
 2014-08-22 10:59:52 +02:00
Marius Hein
56a29354d3 AutoLogin: Check the remote username against logged in user 
fixes #6462
 2014-07-30 12:54:08 +02:00
Marius Hein
e2c761a7aa AutoLogin/Logout: Remove own session namespace 
Store data in the user and implement interface to left
backends store remote information.

fixes #6461
 2014-07-30 12:35:55 +02:00
Eric Lippmann
294728ac47 Revert "Autologin: Test logged session against remote user" 
This reverts commit 64954e99244f26cc6b6dccc7d60a253c105bd550.

If the strip_username_regex is configured on the autologin backend and applies on a user's name,
the authenticated user's username does never match the REMOTE_USER server variable.
Thus the application will logout/login on every request which results in a redirect loop.

refs #6462
 2014-07-29 17:50:44 +02:00
Marius Hein
64954e9924 Autologin: Test logged session against remote user 
fixes #6462
 2014-07-29 12:06:43 +02:00
Marius Hein
8b9d446d2e Autologin: Remove deprecated autologin methods 
Remove methods from manager because autologin
is now handled with special backends (AutoLoginBackend).

The session is used to store the status about a remote
user authentication to send a 401 header to the client
upon logout.

refs #6461
 2014-07-29 10:48:57 +02:00
Johannes Meyer
b40027b6c7 Purge session when logging out 
fixes #6739
 2014-07-16 09:55:22 +02:00
Johannes Meyer
19f05256a0 Only call session_start() when reading from session 
fixes #6383
 2014-07-16 09:55:22 +02:00
Johannes Meyer
3105c2059e Remove license headers from all files 
refs #6309
 2014-07-15 13:43:52 +02:00
Matthias Jentsch
57f3023ec4 Fix coding style 2014-07-03 16:20:45 +02:00
Matthias Jentsch
c18b6f26f0 Throw Ldap\Exception when something goes wrong in a Ldap connection 2014-06-25 12:41:17 +02:00
Matthias Jentsch
77a9dd1e6e Throw exception on fetchDN, when no row exists 
Instead of fetchDN, authentication now uses hasUser to check if the user
exists before querying the password, to prevent the exception from messing
up the whole authentication process
 2014-06-23 14:02:45 +02:00