tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,214 Commits 121 Branches 71 Tags 80 MiB
Commit Graph

100 Commits

Author SHA1 Message Date
Eric Lippmann db73d324de Autologin: Fix that the backend name must have been `autologin' 
Before, the code validated the name of the backend instead of the `backend' directive against `autologin'.
 2014-06-12 17:05:54 +02:00
Eric Lippmann 7d2ee41f42 Autologin: Fix PHPDoc 2014-06-11 15:46:59 +02:00
Eric Lippmann 992ccf4f6d Autologin: Actually set the username upon authentication 
Before, when using autologin the username of the authenticated user always was the empty string.
 2014-06-11 15:46:59 +02:00
Eric Lippmann 65a2bd41bc Autologin: Do not use absolute `use' 2014-06-11 15:46:58 +02:00
Eric Lippmann 7215ba4f59 Autologin: Do not require a bogus password in the source code 2014-06-11 15:46:58 +02:00
Eric Lippmann 63fc8eb27e Autologin: Use REMOTE_USER for authentication 
It's not safe to rely on PHP_AUTH_USER and PHP_AUTH_TYPE because
PHP cgi handlers (fgcid for example) only set the REMOTE_USER environment variable
and the authentication type for negogiation methods (Kerberos for example) is neither
Basic nor Digest.
We may have to add REDIRECT_REMOTE_USER for authentication for proxy setups.
 2014-06-11 15:46:58 +02:00
Eric Lippmann c09341d77e Autologin: Do NOT sanitize username 
I don't know the reason why this was done initially but a username must not be changed.
 2014-06-11 15:46:58 +02:00
Matthias Jentsch c42c7977be Call extended backend health checks when creating ldap authentication backends 
fixes #6457
 2014-06-11 15:09:36 +02:00
Matthias Jentsch 6c82cb8988 Check ldap backend health during Authentication 
Check if authentication is possible during authentication, to generate more
useful error and log messages, in case the backend configuration is wrong

ref #6457
 2014-06-11 15:08:05 +02:00
Matthias Jentsch bca166c644 Do not throw an exception when the username does not exist 
refs #6457
 2014-06-11 15:08:05 +02:00
Marius Hein 29f593a357 Authentication: Add backend to handle external authentication 
Drop external auth configuration from config.ini and move
implementation into a single backend provider named
'autologin'. This provider can strip realm names from
username with a custom regexp.

fixes #6081
 2014-06-03 17:59:22 +02:00
Eric Lippmann cfcaf019bd User backends: Throw exception when authentication fails due to an exception 
refs #5685
 2014-06-02 15:52:58 +02:00
Eric Lippmann 2274b6e11e lib: Add phpdoc to class `AuthChain' 
refs #5685
 2014-06-02 15:46:15 +02:00
Johannes Meyer bafa8cc032 Fix authentication error handling 2014-03-28 14:45:03 +01:00
Marius Hein c92e1307f6 Fix: Database login 
fixes #5706
 2014-03-06 14:07:33 +01:00
Eric Lippmann 07d04628cf Merge branch 'feature/installation-and-configuration-cleanup-5638' 
Conflicts:
	config/config.ini.in
	library/Icinga/Application/ApplicationBootstrap.php
	library/Icinga/Application/Cli.php
	library/Icinga/Application/EmbeddedWeb.php
	library/Icinga/Application/Logger.php
	library/Icinga/Application/Modules/Manager.php
	library/Icinga/Application/Web.php
	library/Icinga/Authentication/Backend/DbUserBackend.php
	library/Icinga/Authentication/Manager.php
	library/Icinga/User/Preferences/IniStore.php
	test/php/library/Icinga/Application/LoggerTest.php
 2014-03-03 19:03:39 +01:00
Eric Lippmann 39c80dccaf Decouple authentication backend creation from Icinga\Authentication\Manager 
Add authentication backend type msldap with default values for user_class
and user_name_attribute. Backend type ldap now logs an error when user_class
and user_name_attribute ist not configured. Rename membership.ini to
memberships.ini since all our INI configuration files are in the plurar
where it makes sense. The AuthenticationController now handles
authentication

refs #5685
refs #5638
fixes #5218
 2014-03-03 17:21:17 +01:00
Matthias Jentsch 99668e87e5 Refresh session id on Authentication 
To prevent session fixation, create a new session id each time authenticate is
called.

refs #5625
 2014-02-26 19:23:34 +01:00
Matthias Jentsch b118e9679d When webserver setting is missing regular authentication will be used 
Check if the remote user is set and use regular authentication when the key is missing.

refs #5405
 2014-02-26 18:08:48 +01:00
Matthias Jentsch a8f765fa3b Add extern authentication 
Provide a new settings authenticationMode and delegate the
authentication handling to the webserver when the external authentication mode
is set. Add a new view 'logout' that will be shown after logout from external
authentication as the regular redirect to login is not possible.

refs #5405
 2014-02-26 18:08:48 +01:00
Johannes Meyer 3555e66018 Make IcingaWeb using the new log wrapper 
refs #5683
 2014-02-26 11:19:52 +01:00
Johannes Meyer 68357e9ca2 Fix coding style 2014-02-21 14:07:32 +01:00
Eric Lippmann 25665dec24 Vagrant: Add authentication.ini and resources.ini to /etc/icingaweb 
refs #5638
 2014-02-21 10:16:16 +01:00
Eric Lippmann 7fa6668b64 Make Icinga Web 2 work without any config file 
refs #5638
fixes #5523
 2014-02-20 13:53:28 +01:00
Eric Lippmann 8edf421c45 Replace debug log with respecting log priorities 
refs #5638
fixes #5522
 2014-02-18 14:46:15 +01:00
Eric Lippmann 69a482d106 Auth: Connect only when a authentication backend is used. Fix log in error messages 
refs #5506
refs #5638
fixes #4931
 2014-02-18 09:33:33 +01:00
Eric Lippmann 08d7edebfc Decouple (automatic) preferences storage from user preferences (WIP) 
DbStore, persisting preferences and tests not yet reworked.
 2014-02-14 17:28:11 +01:00
Eric Lippmann 41ffa1d7c2 Fix PHP Fatal error: Class 'Icinga\Authentication\Membership' not found in ManagerTest.php 2014-02-14 12:11:49 +01:00
Eric Lippmann d6768872c7 Revert "Change setup behavior of the AuthenticationManager to a lazy approach" 
This reverts commit 226eb4eded.

Conflicts:
	library/Icinga/Authentication/Manager.php

This fix is not appropriate

refs #5506
 2014-02-14 11:20:33 +01:00
Marius Hein 8a604f1c2c Implement structures for permissions, restrictions and membership 
refs #4624
 2014-02-12 17:03:18 +01:00
Johannes Meyer 0b28bd31e5 Fix exception when the password of a valid ldap user is invalid 2014-01-29 10:41:17 +01:00
Johannes Meyer ac0b041523 Remove session handling from the authentication manager 
refs #5510
 2014-01-24 14:44:19 +01:00
Thomas Gelf 0f565aae6a Added permission handlers and related sample config reader 
Please see feature #4108 for sample usage

refs #4108
 2014-01-22 13:06:59 +00:00
Matthias Jentsch 226eb4eded Change setup behavior of the AuthenticationManager to a lazy approach 
The authentication manager should only try to set up all backends when
necessary. Remove the backend setup from the constructor and call it only when it is actually needed.

fixes #5506
 2014-01-22 13:04:11 +01:00
Matthias Jentsch 85dbd86e5b Change all UserBackends to a lazy connection-behavior 
refs #5506
 2014-01-22 13:04:11 +01:00
Marius Hein 263f09a94c Add email column to extensible features 
refs #5151
 2013-11-28 17:23:55 +01:00
Marius Hein 93d233f37d Make DbUserBackend extensible 
Fix: Swap hmac secret key

refs #5151
 2013-11-27 11:10:07 +01:00
Matthias Jentsch 2a0add3ec3 Fix messages in ConfigController 
Store messages in the current user session to be able to fetch messages from
other controllers, so that the use can be redirected back to the index, instead
of staying in the original action

refs #5100
 2013-11-20 19:10:38 +01:00
Matthias Jentsch 941ce6d68e Fix bug that caused ajax-request to override values written to the session 
Authentication/Session.php and its Subclasses do not have a open/closed -state
anymore. Read will refresh the session, write will always write the changes,
and opening/closing will be handled internally.

refs #5101
 2013-11-20 12:01:40 +01:00
Matthias Jentsch bd38e998d7 Provide a cleaner interface for the Authentication Backends 
refs #4786
 2013-11-06 14:49:16 +01:00
Matthias Jentsch ad08691362 Extend resources.ini to contain all resources, including ldap 
Remove the old calls to DbAdapterFactory and use ResourceFactory instead. Remove
the DbAdapterFactory and fix all unit tests that have been broken due to the changes.
Change the functionality of the ResourceFactory to also handle LdapConnections

resolves #4587
 2013-11-06 10:20:15 +01:00
Eric Lippmann ca1d50ae53 Rename Icinga 2 Web to Icinga Web 2 2013-10-23 15:11:06 +02:00
Marius Hein dd214bbe16 Implement disable flag for authentication backends 
refs #4941
 2013-10-22 17:50:21 +02:00
Marius Hein 439168ecfb Fix ldap connection port setting 
refs #4941
 2013-10-22 17:50:21 +02:00
Eric Lippmann a5908c9553 CS: Replace multiple empty lines with one 
find application/ library/Icinga/ test/ modules/ -name *.php | xargs sed -i '/^$/N;/^\n$/D'
 2013-09-04 18:36:10 +02:00
Eric Lippmann 35fd9fd391 CS: Remove whitespaces at end of line 
find application/ library/ test/ modules/ -name *.php | xargs sed -i 's/\s\+$//'
 2013-09-04 18:27:16 +02:00
Marius Hein 446da85a88 UserBackend: Fix interface in test 
refs #4593
 2013-08-30 15:32:06 +02:00
Marius Hein e2e744a424 Fix authentication chain 
refs #4593
 2013-08-30 14:46:52 +02:00
Marius Hein 845f181001 CS: Fix UserBackend interface 
refs #4641
 2013-08-30 12:50:57 +02:00
Marius Hein bed759d597 CS: Fix session classes 
refs #4641
 2013-08-30 12:50:57 +02:00