Api auth bearer token working

Calvo 2022-12-30 16:11:49 +01:00
parent af800fa886
commit 88aed19d30
2 changed files with 33 additions and 26 deletions


@ -168,13 +168,17 @@ function process_user_login_local($login, $pass, $api=false, $passAlreadyEncrypt
$row = db_get_row_sql($sql); $row = db_get_row_sql($sql);
// Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed. if ($passAlreadyEncrypted) {
if (strlen($row['password']) === 32) { $credentials_check = $pass === $row['password'];
// MD5.
$credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
} else { } else {
// Bcrypt. // Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
$credentials_check = password_verify($pass, $row['password']); if (strlen($row['password']) === 32) {
// MD5.
$credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
} else {
// Bcrypt.
$credentials_check = password_verify($pass, $row['password']);
}
} }
if ($credentials_check === true) { if ($credentials_check === true) {
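Review bot: The new `$passAlreadyEncrypted` branch compares `$pass` directly with `$row['password']`, so the stored MD5 or bcrypt string itself becomes a valid credential, and a leaked user-table row is enough to authenticate without knowing the password. Unlike the MD5 branch it has no `$row !== false` guard, so for an unknown user `$row['password']` evaluates to null and the `===` would be true if a caller ever passes a null `$pass` (the callers are not visible here). At minimum the line should read `$credentials_check = $row !== false && is_string($pass) && hash_equals((string) $row['password'], $pass);`, which also makes the comparison constant-time. If this path serves the bearer-token login named in the commit title, it would be safer to verify the token against a separately stored token value than against the password hash. The body of process_user_login_local starts and ends outside the hunk.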


@ -269,26 +269,29 @@ $user_id = '<div class="label_select_simple"><p class="edit_user_labels">'.__('U
$user_id .= '<span>'.$id.'</span></div>'; $user_id .= '<span>'.$id.'</span></div>';
$user_id .= '<div class="label_select_simple"><p class="edit_user_labels">'.__('API Token').'</p>'; $user_id .= '<div class="label_select_simple"><p class="edit_user_labels">'.__('API Token').'</p>';
$user_id .= html_print_anchor( if (is_management_allowed()) {
[ $user_id .= html_print_anchor(
'onClick' => sprintf( [
'javascript:renewAPIToken(\'%s\', \'%s\', \'%s\')', 'onClick' => sprintf(
__('Warning'), 'javascript:renewAPIToken(\'%s\', \'%s\', \'%s\')',
__('The API token will be renewed. After this action, the last token you were using will not work. Are you sure?'), __('Warning'),
'user_profile_form', __('The API token will be renewed. After this action, the last token you were using will not work. Are you sure?'),
), 'user_profile_form',
'content' => html_print_image( ),
'images/icono-refrescar.png', 'content' => html_print_image(
true, 'images/icono-refrescar.png',
[ true,
'class' => 'renew_api_token_image clickable', [
'title' => __('Renew API Token'), 'class' => 'renew_api_token_image clickable',
] 'title' => __('Renew API Token'),
), ]
'class' => 'renew_api_token_link', ),
], 'class' => 'renew_api_token_link',
true ],
); true
);
}
// Check php conf for header auth. // Check php conf for header auth.
$lines = file('/etc/httpd/conf.d/php.conf'); $lines = file('/etc/httpd/conf.d/php.conf');