From 34a9c2f1f2a52da10c0af2bc23700b7b97e95a68 Mon Sep 17 00:00:00 2001
From: Calvo <luis.calvo@artica.es>
Date: Tue, 1 Feb 2022 09:37:02 +0100
Subject: [PATCH] Added token local user to allow enabling local auth  at user
 level

---
 pandora_console/extras/mr/53.sql                |  5 +++++
 .../pandoradb_migrate_6.0_to_7.0.mysql.sql      |  1 +
 .../godmode/users/configure_user.php            | 17 ++++++++++++++++-
 pandora_console/include/auth/mysql.php          |  7 +++++++
 pandora_console/pandoradb.sql                   |  1 +
 5 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 pandora_console/extras/mr/53.sql

diff --git a/pandora_console/extras/mr/53.sql b/pandora_console/extras/mr/53.sql
new file mode 100644
index 0000000000..17755cb642
--- /dev/null
+++ b/pandora_console/extras/mr/53.sql
@@ -0,0 +1,5 @@
+START TRANSACTION;
+ALTER TABLE `tusuario` ADD COLUMN `local_user` tinyint(1) unsigned NOT NULL DEFAULT 0;
+
+
+COMMIT;
\ No newline at end of file
diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
index d6db1ad76e..27565b0b29 100644
--- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
+++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
@@ -1549,6 +1549,7 @@ ALTER TABLE `tusuario` MODIFY COLUMN `default_event_filter` int(10) unsigned NOT
 	DROP INDEX `fk_id_filter`;
 ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_user` VARCHAR(60);
 ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_pass` VARCHAR(45);
+ALTER TABLE `tusuario` ADD COLUMN `local_user` tinyint(1) unsigned NOT NULL DEFAULT 0;
 
 
 -- ---------------------------------------------------------------------
diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php
index b91609e257..6fb6428dee 100644
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@@ -285,6 +285,7 @@ if ($new_user && $config['admin_can_add_user']) {
     $user_info['language'] = 'default';
     $user_info['timezone'] = '';
     $user_info['not_login'] = false;
+    $user_info['local_user'] = false;
     $user_info['strict_acl'] = false;
     $user_info['session_time'] = 0;
     $user_info['middlename'] = 0;
@@ -370,6 +371,7 @@ if ($create_user) {
     }
 
     $values['not_login'] = (bool) get_parameter('not_login', false);
+    $values['local_user'] = (bool) get_parameter('local_user', false);
     $values['middlename'] = get_parameter('middlename', 0);
     $values['strict_acl'] = (bool) get_parameter('strict_acl', false);
     $values['session_time'] = (int) get_parameter('session_time', 0);
@@ -571,6 +573,7 @@ if ($update_user) {
     }
 
     $values['not_login'] = (bool) get_parameter('not_login', false);
+    $values['local_user'] = (bool) get_parameter('local_user', false);
     $values['strict_acl'] = (bool) get_parameter('strict_acl', false);
     $values['session_time'] = (int) get_parameter('session_time', 0);
 
@@ -1212,6 +1215,18 @@ $not_login .= html_print_checkbox_switch(
     true
 ).'</div>';
 
+$local_user = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Local user').'</p>';
+$local_user .= ui_print_help_tip(
+    __('The user with local authentication enabled will always use local authentication.'),
+    true
+);
+$local_user .= html_print_checkbox_switch(
+    'local_user',
+    1,
+    $user_info['local_user'],
+    true
+).'</div>';
+
 $session_time = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Session Time');
 $session_time .= ui_print_help_tip(
     __('This is defined in minutes, If you wish a permanent session should putting -1 in this field.'),
@@ -1379,7 +1394,7 @@ if ($id != '' && !$is_err) {
 echo '<div id="user_form">
 <div class="user_edit_first_row">
     <div class="edit_user_info white_box">'.$div_user_info.'</div>  
-    <div class="edit_user_autorefresh white_box"><p class="bolder">Extra info</p>'.$email.$phone.$not_login.$session_time.'</div>
+    <div class="edit_user_autorefresh white_box"><p class="bolder">Extra info</p>'.$email.$phone.$not_login.$local_user.$session_time.'</div>
 </div> 
 <div class="user_edit_second_row white_box">
     <div class="edit_user_options">'.$language.$access_or_pagination.$skin.$home_screen.$default_event_filter.$double_authentication.'</div>
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index dd223fecc2..cf6a8a274e 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -94,9 +94,16 @@ function process_user_login($login, $pass, $api=false)
     }
 
     // 2. Try local.
+    $local_user = db_get_value_filter(
+        'local_user',
+        'tusuario',
+        ['id_user' => $login]
+    );
+
     if ($login_remote === false
         && ($config['fallback_local_auth']
         || is_user_admin($login)
+        || $local_user
         || strtolower($config['auth']) == 'mysql')
     ) {
         return process_user_login_local($login, $pass, $api);
diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql
index 0f766eea65..c86ba820d0 100644
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@@ -1288,6 +1288,7 @@ CREATE TABLE IF NOT EXISTS `tusuario` (
 	`login_blocked` tinyint(1) unsigned NOT NULL default 0,
 	`metaconsole_access` enum('basic','advanced') default 'basic',
 	`not_login` tinyint(1) unsigned NOT NULL DEFAULT 0,
+	`local_user` tinyint(1) unsigned NOT NULL DEFAULT 0,
 	`metaconsole_agents_manager` tinyint(1) unsigned NOT NULL default 0,
 	`metaconsole_assigned_server` int(10) unsigned NOT NULL default 0,
 	`metaconsole_access_node` tinyint(1) unsigned NOT NULL default 0,