Public access using PublicLogin interface

pandora_console/include/javascript/pandora_dashboards.js

@@ -1151,7 +1151,9 @@ function dashboardLoadVC(settings) {
     300 * 1000,
     handleUpdate,
     beforeUpdate,
-    settings.size
+    settings.size,
+    settings.id_user,
+    settings.hash
   );
 }
 

pandora_console/include/javascript/pandora_visual_console.js

@@ -1,5 +1,5 @@
 // TODO: Add Artica ST header.
-/* globals jQuery, VisualConsole, AsyncTaskManager, hash, id_user */
+/* globals jQuery, VisualConsole, AsyncTaskManager */
 
 /*
  * *********************
@@ -17,6 +17,9 @@
  * @param {function | null} onUpdate Callback which will be execuded when the Visual Console.
  * is updated. It will receive two arguments with the old and the new Visual Console's
  * data structure.
+ * @param {string|null} id_user User id given for public access.
+ * @param {string|null} hash Authorization hash given for public access.
+ *
  * @return {VisualConsole | null} The Visual Console instance or a null value.
  */
 // eslint-disable-next-line no-unused-vars
@@ -28,7 +31,9 @@ function createVisualConsole(
   updateInterval,
   onUpdate,
   beforeUpdate,
-  size
+  size,
+  id_user,
+  hash
 ) {
   if (container == null || props == null || items == null) return null;
   if (baseUrl == null) baseUrl = "";
@@ -46,6 +51,8 @@ function createVisualConsole(
           baseUrl,
           visualConsoleId,
           size,
+          id_user,
+          hash,
           function(error, data) {
             if (error) {
               //Remove spinner change VC.
@@ -651,6 +658,8 @@ function createVisualConsole(
  * Fetch a Visual Console's structure and its items.
  * @param {string} baseUrl Base URL to build the API path.
  * @param {number} vcId Identifier of the Visual Console.
+ * @param {string|null} id_user User id given for public access.
+ * @param {string|null} hash Authorization hash given for public access.
  * @param {function} callback Function to be executed on request success or fail.
  * On success, the function will receive an object with the next properties:
  * - `props`: object with the Visual Console's data structure.
@@ -658,7 +667,7 @@ function createVisualConsole(
  * @return {Object} Cancellable. Object which include and .abort([statusText]) function.
  */
 // eslint-disable-next-line no-unused-vars
-function loadVisualConsoleData(baseUrl, vcId, size, callback) {
+function loadVisualConsoleData(baseUrl, vcId, size, id_user, hash, callback) {
   // var apiPath = baseUrl + "/include/rest-api";
   var apiPath = baseUrl + "/ajax.php";
   var vcJqXHR = null;
@@ -721,8 +730,8 @@ function loadVisualConsoleData(baseUrl, vcId, size, callback) {
         page: "include/rest-api/index",
         getVisualConsole: 1,
         visualConsoleId: vcId,
-        id_user: id_user,
-        auth_hash: hash
+        id_user: typeof id_user == undefined ? id_user : null,
+        auth_hash: typeof hash == undefined ? hash : null
       },
       "json"
     )
@@ -738,8 +747,8 @@ function loadVisualConsoleData(baseUrl, vcId, size, callback) {
         getVisualConsoleItems: 1,
         size: size,
         visualConsoleId: vcId,
-        id_user: id_user,
-        auth_hash: hash
+        id_user: typeof id_user == undefined ? id_user : null,
+        auth_hash: typeof hash == undefined ? hash : null
       },
       "json"
     )

pandora_console/include/lib/Dashboard/Widgets/maps_made_by_user.php

@@ -29,7 +29,7 @@
 namespace PandoraFMS\Dashboard;
 // Load Visual Console.
 use Models\VisualConsole\Container as VisualConsole;
-
+use PandoraFMS\User;
 /**
  * Maps by users Widgets.
  */
@@ -498,6 +498,8 @@ class MapsMadeByUser extends Widget
                 'ratio'   => $ratio_t,
                 'size'    => $size,
                 'cellId'  => $this->cellId,
+                'hash'    => User::generatePublicHash(),
+                'id_user' => $config['id_user'],
             ]
         );
 

pandora_console/operation/visual_console/legacy_public_view.php

@@ -15,7 +15,11 @@
 // The session is configured and started inside the config process.
 require_once '../../include/config.php';
 
-// Set root on homedir, as defined in setup
+require_once $config['homedir'].'/vendor/autoload.php';
+
+use PandoraFMS\User;
+
+// Set root on homedir, as defined in setup.
 chdir($config['homedir']);
 
 ob_start();
@@ -61,10 +65,13 @@ $id_layout = (int) get_parameter('id_layout');
 $graph_javascript = (bool) get_parameter('graph_javascript');
 $config['id_user'] = get_parameter('id_user');
 
-$myhash = md5($config['dbpass'].$id_layout.$config['id_user']);
-
-// Check input hash
-if ($myhash != $hash) {
+// Check input hash.
+if (User::validatePublicHash($hash) !== true) {
+    db_pandora_audit(
+        'Invalid public visual console',
+        'Trying to access public visual console'
+    );
+    include 'general/noaccess.php';
     exit;
 }
 

pandora_console/operation/visual_console/public_view.php

@@ -182,8 +182,6 @@ $visualConsoleItems = VisualConsole::getItemsFromDB(
     var props = <?php echo (string) $visualConsole; ?>;
     var items = <?php echo '['.implode($visualConsoleItems, ',').']'; ?>;
     var baseUrl = "<?php echo ui_get_full_url('/', false, false, false); ?>";
-    var hash = "<?php echo get_parameter('hash', ''); ?>";
-    var id_user = "<?php echo get_parameter('id_user', ''); ?>";
 
     var controls = document.getElementById('vc-controls');
     autoHideElement(controls, 1000);
@@ -266,7 +264,15 @@ $visualConsoleItems = VisualConsole::getItemsFromDB(
         items,
         baseUrl,
         <?php echo ($refr * 1000); ?>,
-        handleUpdate
+        handleUpdate,
+        // BeforeUpdate.
+        null,
+        // Size.
+        null,
+        // User id.
+        "<?php echo get_parameter('id_user', ''); ?>",
+        // Hash.
+        "<?php echo get_parameter('hash', ''); ?>"
     );
 
     var controls = document.getElementById('vc-controls');