Merge branch 'ent-7984-falla-chequeo-de-acls-en-la-api' into 'develop'

Fixed API access

See merge request artica/pandorafms!4395
Daniel Rodriguez 2021-09-09 08:07:15 +00:00
commit 1a66858020


@ -105,19 +105,19 @@ if ($info == 'version') {
if (empty($apiPassword) === true if (empty($apiPassword) === true
|| (empty($apiPassword) === false && $api_password === $apiPassword) || (empty($apiPassword) === false && $api_password === $apiPassword)
&& (enterprise_hook('metaconsole_validate_origin', [get_parameter('server_auth')]) === true
|| enterprise_hook('console_validate_origin', [get_parameter('server_auth')]) === true)
) { ) {
// Allow internal direct node -> metaconsole connection if (enterprise_hook('metaconsole_validate_origin', [get_parameter('server_auth')]) === true
// or node -> own console connection. || enterprise_hook('console_validate_origin', [get_parameter('server_auth')]) === true
$config['__internal_call'] = true; ) {
$config['id_usuario'] = 'admin'; // Allow internal direct node -> metaconsole connection
// Compat. // or node -> own console connection.
$config['id_user'] = 'admin'; $config['__internal_call'] = true;
$correctLogin = true; $config['id_usuario'] = 'admin';
} else if ((bool) isInACL($ipOrigin) === true) { // Compat.
// External access. $config['id_user'] = 'admin';
if (empty($apiPassword) === true || (empty($apiPassword) === false && $api_password === $apiPassword)) { $correctLogin = true;
} else if ((bool) isInACL($ipOrigin) === true) {
// External access.
$user_in_db = process_user_login($user, $password, true); $user_in_db = process_user_login($user, $password, true);
if ($user_in_db !== false) { if ($user_in_db !== false) {
$config['id_usuario'] = $user_in_db; $config['id_usuario'] = $user_in_db;
@ -138,10 +138,10 @@ if (empty($apiPassword) === true
$no_login_msg = 'Incorrect user credentials'; $no_login_msg = 'Incorrect user credentials';
} }
} else { } else {
$no_login_msg = 'Incorrect given API password'; $no_login_msg = 'IP '.$ipOrigin.' is not in ACL list';
} }
} else { } else {
$no_login_msg = 'IP '.$ipOrigin.' is not in ACL list'; $no_login_msg = 'Incorrect given API password';
} }
if ($correctLogin) { if ($correctLogin) {
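Review bot: Because the API password is now the outer test, the two failure messages at the end of this section let a caller whose address is not in the ACL tell a wrong password ('Incorrect given API password') from a correct one ('IP … is not in ACL list'), so the ACL no longer keeps the shared password out of reach of guessing. If `$no_login_msg` is returned to the client (not visible here), use one generic reply in both `else` branches, e.g. `$no_login_msg = 'Access denied';`, and record the specific reason in the server-side log instead. The check `$api_password === $apiPassword` is also not constant-time; assuming `$apiPassword` is the configured value, `hash_equals((string) $apiPassword, (string) $api_password)` is the usual replacement. The internal branch still sets `$config['id_usuario'] = 'admin'` with no `isInACL()` test, so it depends entirely on how the enterprise hooks validate the `server_auth` request parameter, which is outside this diff; a comment stating that dependency would help the next reader. The lines between the two hunks and the body of `if ($correctLogin) {` are not shown.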