Api auth bearer token working

2022-12-30 16:11:49 +01:00 · 2022-12-30 16:11:49 +01:00 · 88aed19d30
parent af800fa886
commit 88aed19d30
2 changed files with 33 additions and 26 deletions
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -168,13 +168,17 @@ function process_user_login_local($login, $pass, $api=false, $passAlreadyEncrypt

    $row = db_get_row_sql($sql);

-    // Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
-    if (strlen($row['password']) === 32) {
-        // MD5.
-        $credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
+    if ($passAlreadyEncrypted) {
+        $credentials_check = $pass === $row['password'];
    } else {
-        // Bcrypt.
-        $credentials_check = password_verify($pass, $row['password']);
+         // Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
+        if (strlen($row['password']) === 32) {
+            // MD5.
+            $credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
+        } else {
+            // Bcrypt.
+            $credentials_check = password_verify($pass, $row['password']);
+        }
    }

    if ($credentials_check === true) {
--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@ -269,26 +269,29 @@ $user_id = '<div class="label_select_simple"><p class="edit_user_labels">'.__('U
 $user_id .= '<span>'.$id.'</span></div>';

 $user_id .= '<div class="label_select_simple"><p class="edit_user_labels">'.__('API Token').'</p>';
-$user_id .= html_print_anchor(
-    [
-        'onClick' => sprintf(
-            'javascript:renewAPIToken(\'%s\', \'%s\', \'%s\')',
-            __('Warning'),
-            __('The API token will be renewed. After this action, the last token you were using will not work. Are you sure?'),
-            'user_profile_form',
-        ),
-        'content' => html_print_image(
-            'images/icono-refrescar.png',
-            true,
-            [
-                'class' => 'renew_api_token_image clickable',
-                'title' => __('Renew API Token'),
-            ]
-        ),
-        'class'   => 'renew_api_token_link',
-    ],
-    true
-);
+if (is_management_allowed()) {
+    $user_id .= html_print_anchor(
+        [
+            'onClick' => sprintf(
+                'javascript:renewAPIToken(\'%s\', \'%s\', \'%s\')',
+                __('Warning'),
+                __('The API token will be renewed. After this action, the last token you were using will not work. Are you sure?'),
+                'user_profile_form',
+            ),
+            'content' => html_print_image(
+                'images/icono-refrescar.png',
+                true,
+                [
+                    'class' => 'renew_api_token_image clickable',
+                    'title' => __('Renew API Token'),
+                ]
+            ),
+            'class'   => 'renew_api_token_link',
+        ],
+        true
+    );
+}
+

 // Check php conf for header auth.
 $lines = file('/etc/httpd/conf.d/php.conf');