From 68633e032d6765f51aa3937e9b4d09ebc1ef8498 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Wed, 10 Apr 2024 12:11:45 +0200
Subject: [PATCH] #13035 fixed permission user with access node

---
 pandora_console/include/ajax/jwt.ajax.php     | 70 -------------------
 pandora_console/include/ajax/token.php        | 21 ++++++
 pandora_console/include/javascript/pandora.js |  5 +-
 3 files changed, 23 insertions(+), 73 deletions(-)
 delete mode 100644 pandora_console/include/ajax/jwt.ajax.php

diff --git a/pandora_console/include/ajax/jwt.ajax.php b/pandora_console/include/ajax/jwt.ajax.php
deleted file mode 100644
index 62b84ab95e..0000000000
--- a/pandora_console/include/ajax/jwt.ajax.php
+++ /dev/null
@@ -1,70 +0,0 @@
-<?php
-/**
- * Json Web Token ajax
- *
- * @category   Ajax library.
- * @package    Pandora FMS
- * @subpackage Modules.
- * @version    1.0.0
- * @license    See below
- *
- *    ______                 ___                    _______ _______ ________
- *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
- *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
- * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
- *
- * ============================================================================
- * Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
- * Please see http://pandorafms.org for full contribution list
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation for version 2.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * ============================================================================
- */
-
-global $config;
-
-if (is_ajax() === false) {
-    exit;
-}
-
-// Begin.
-require_once $config['homedir'].'/include/class/JWTRepository.class.php';
-
-
-
-try {
-    $class = new JWTRepository($config['JWT_signature']);
-} catch (Exception $e) {
-    exit;
-}
-
-// Ajax controller.
-$method = get_parameter('method', '');
-$only_metaconsole = (bool) get_parameter('only_metaconsole', false);
-
-if (method_exists($class, $method) === true) {
-    if ($class->ajaxMethod($method) === true) {
-        if ($only_metaconsole === true) {
-            if (is_metaconsole() === true) {
-                $res = $class->{$method}();
-                echo json_encode(['success' => true, 'data' => $res]);
-            } else {
-                echo json_encode(['success' => false, 'error' => 'Environment is not a metaconsole']);
-            }
-        } else {
-            $res = $class->{$method}();
-            echo json_encode(['success' => true, 'data' => $res]);
-        }
-    } else {
-        echo json_encode(['success' => false, 'error' => 'Unavailable method.']);
-    }
-} else {
-    echo json_encode(['success' => false, 'error' => 'Unavailable method.']);
-}
-
-exit;
diff --git a/pandora_console/include/ajax/token.php b/pandora_console/include/ajax/token.php
index 37914cb417..1ff75c739a 100644
--- a/pandora_console/include/ajax/token.php
+++ b/pandora_console/include/ajax/token.php
@@ -25,9 +25,12 @@
  * GNU General Public License for more details.
  * ============================================================================
  */
+require_once $config['homedir'].'/include/class/JWTRepository.class.php';
 
 $list_user_tokens = (bool) get_parameter('list_user_tokens');
+$get_jwt_for_login = (bool) get_parameter('get_jwt_for_login', false);
 
+// Tokens for api 2.0.
 if ($list_user_tokens === true) {
     global $config;
 
@@ -162,3 +165,21 @@ if ($list_user_tokens === true) {
 
     return;
 }
+
+
+// Token for JWT auth in metaconsole.
+if ($get_jwt_for_login === true) {
+    global $config;
+    if (is_metaconsole() === true
+        && (users_is_admin($config['id_user']) === true || can_user_access_node() === true)
+        && empty($config['JWT_signature']) === false
+    ) {
+        $jwtRepository = new JWTRepository($config['JWT_signature']);
+        $token = $jwtRepository->create();
+        echo json_encode(['success' => true, 'data' => $token]);
+    } else {
+        echo json_encode(['success' => false, 'error' => 'User does not have permission or is not a metaconsole.']);
+    }
+
+    return;
+}
diff --git a/pandora_console/include/javascript/pandora.js b/pandora_console/include/javascript/pandora.js
index 3223d31bb3..685fff6610 100644
--- a/pandora_console/include/javascript/pandora.js
+++ b/pandora_console/include/javascript/pandora.js
@@ -2744,9 +2744,8 @@ function redirectNode(url, target = "_blank") {
     url: "ajax.php",
     dataType: "json",
     data: {
-      page: "include/ajax/jwt.ajax",
-      method: "create",
-      only_metaconsole: 1
+      page: "include/ajax/token",
+      get_jwt_for_login: 1
     },
     success: function(data) {
       var $form = $(`<form class='invisible' target='${target}'></form>`);