f8e1137060
Remove restriction macro `user:local_name`
2022-06-14 14:24:30 +02:00
aad2419545
Remove obsolete `config_backend` option and not required code
...
The user preferences backend is now always a `db`.
2022-05-27 14:02:11 +02:00
8ff1a22df7
Set preferences store type to `Db` and make it non-configurable
2022-05-27 13:55:48 +02:00
1b1eb3436f
sql: Change charset to `utf8mb4`
...
fixes https://github.com/Icinga/icingaweb2/issues/4680
2022-05-02 15:36:31 +02:00
874af33d81
Correct Auth#getUser() type spec
...
Doc says it may be null.
2022-04-11 13:30:24 +02:00
3dc384fb58
Avoid passing `null` to non-nullable arguments
2022-03-24 12:29:06 +01:00
c038e84fc2
Ensure Return Type Compatibility with Internal Classes
2022-03-24 12:29:06 +01:00
0b6f71c446
If enforcing a charset, DO IT ONLY IF THE DB TYPE IS CORRECT
2021-07-28 09:04:28 +02:00
517c108cc4
UserGroupBackend: Always use `utf8` as db connection charset
2021-07-26 16:37:41 +02:00
7ce3778378
UserBackend: Always use `utf8` as db connection charset
2021-07-26 16:37:35 +02:00
d1aaaf7fb0
Replace user:local_name with user.local_name macro in restrictions
2021-06-28 15:16:56 +02:00
82485236f7
Auth: Also reload theme mode if no theme is active
...
refs #4390
2021-06-24 09:44:28 +02:00
492a9ec229
Auth: Reload CSS if mode change
2021-06-23 17:34:27 +02:00
0756797fbb
Make configuration of custom user-group backends possible
...
refs #2840
2021-06-18 10:41:39 +02:00
1e7f700102
Make configuration of custom user backends possible
...
refs Icinga/icingaweb2#2840
2021-06-18 10:28:35 +02:00
a87f15c861
Auth: Reload entire layout if the locale changes
2021-05-17 13:20:42 +02:00
d9a87f76a2
AdmissionLoader: Optimize role loading
2021-04-14 10:11:19 +02:00
ab90b3e0a1
Role: Add param `$cascadeUpwards` also to public method `grant()`
2021-04-07 14:30:14 +02:00
9d10424f97
AdmissionLoader: Set additional user information `assigned_roles`
2021-04-07 14:30:14 +02:00
f4da973f68
Auth: Only reload CSS upon login if the theme **really** changed
...
fixes #2233
2021-04-07 14:30:14 +02:00
0aa4e25723
Auth: Introduce method `setupUser()`
...
This was previously part of method `setAuthenticated()`.
Split up to allow external usage.
2021-04-07 14:30:14 +02:00
5dfa5e28da
User: Add property `$unrestricted`
2021-03-09 11:27:13 +01:00
6a5e12af04
LdapUserGroupBackend: Properly handle multi-valued names
2021-02-23 08:22:58 +01:00
ab97b6fdf0
Enforce database as configuration backend ( #4135 )
2021-02-18 12:31:21 +01:00
cc65164a67
Adjust global permissions
2021-02-18 11:11:39 +01:00
429a70f05f
Auth: Allow to ignore any and all restrictions
2021-02-18 11:11:39 +01:00
6eb0139446
User: Move `$user:local_name$` handling to class `AdmissionLoader`
...
This way it also adjusts the roles directly, and not just their
copies for the user object
2021-02-18 11:11:39 +01:00
bdd0f204f0
Auth: Support single inheritance in roles
2021-02-18 11:11:39 +01:00
87d741265e
Auth: Add support for denied permissions
2021-02-18 11:11:39 +01:00
c0541d70e9
Move permission match code from class `User` to `Role`
2021-02-18 11:11:39 +01:00
4d173e6746
DbUserBackend: Lowercase usernames before fetching password hashes
...
The BINARY cast to make trailing spaces significant (#4030 ) also
made these queries case-sensitive. This wasn't identified at the
time because the query itself wasn't case-insensitive, but the
default collation on the `name` column. (Tests sometimes are the
perfect mitigation for this...)
fixes #4184
2020-06-24 14:08:30 +02:00
990a5e4d61
Introduce Auth::setUser()
2020-03-02 14:15:53 +01:00
f63dfa5294
DbUserBackend: Use binary string comparison if it's a mysql db
2019-12-11 10:15:05 +01:00
668ae38497
ExternalBackend: Don't authenticate a user if `REMOTE_USER` is empty
2019-12-05 15:13:02 +01:00
9de9fe8f39
Introduce class RolesConfig
2019-07-23 13:53:29 +02:00
59fa054d42
AuthChain: Send failed login-attempts to the audit log
...
resolves #3855
2019-07-11 14:41:17 +02:00
08c879249b
Auth: do not ask for unrelated group membership
...
If a specific User-Backend has been assigned to a Group Backend, and
the User has been authenticated by another User-Backend, then there is
no need to ask the unrelated Groups Backend for membership.
2018-12-18 14:51:13 +01:00
2f9037e545
Auth: Log which groups were identified for the user being authenticated
2018-10-08 14:02:26 +02:00
3c69a63ce3
LdapUserGroupBackend: Log what the ambiguity check does
2018-10-08 10:34:27 +02:00
f28f7150fc
AuditHook: Enforce a named identity and allow to pass a explicit time
2018-07-18 14:45:00 +02:00
d6c4df7a5d
Use password_hash and password_verify
2018-07-03 13:08:06 +02:00
faaff42096
Revert "Introduce PasswordHelper for safer passwords"
...
This reverts commit f57277aa96
2018-07-03 13:08:06 +02:00
3f66bd7437
Auth: Log login/logout activities to the audit log
...
refs #2563
2018-06-08 14:21:15 +02:00
4a000d0098
Revert "Merge branch 'bugfix/domain-aware-auth-non-domain-ldap-group-backend-3250'"
...
This reverts commit 5cb7deda2002391e648b#3324
2018-03-19 13:10:47 +01:00
72ec132f25
Correct interfaces to conform to PHP 7.2+
2018-01-24 11:50:10 +01:00
7106de5aa2
DbUserGroupBackend: implement Inspectable
...
refs #3233
2018-01-19 16:31:24 +01:00
7227e10824
LdapUserGroupBackend: implement Inspectable
...
refs #3233
2018-01-19 16:31:24 +01:00
ddfafb27f6
Merge pull request #3256 from Icinga/bugfix/multi-domain-support-broken-3232
...
Make multi-domain authn working w/ upper-case domains in user names
2018-01-17 11:57:48 +01:00
8c7ccce4a7
Make multi-domain authn working w/ upper-case domains in user names
...
refs #3232
2018-01-16 10:36:22 +01:00
c806099e1b
Avoid including domain users in a group not belonging to a domain
...
Signed-off-by: Alexander A. Klimov <alexander.klimov@icinga.com>
refs #3250
2018-01-15 11:19:35 +01:00
Johannes Meyer
Sukhwinder Dhillon
Alexander Aleksandrovič Klimov
Eric Lippmann
Gianluca Piccolo
sukhwinder33445
Thomas Gelf
lippserd
Paolo Schiro